Role-Based Access Control for Formsflows

---

formsflow allows designers to set permissions for forms, providing fine-grained control over visibility for both designers and client users based on their roles.

With this feature, designers can define specific permissions for each form they create, determining which roles can view and interact with it. By configuring these permissions, designers ensure that only authorized individuals or user groups can access and work with the form.

This enhances flexibility and control within formsflow, empowering designers to manage permissions and ensure form visibility aligns with assigned roles, creating a tailored and secure environment for designers and clients.

1. Log in as a designer and create a form, then save it.

   

2. Attach the form to a workflow.

   

3. Select permissions for the specific form.

   For Designer Permissions

   • Case I: Accessible to all designers (default).

   • Case II: Private (Only You) - If only the current designer needs access.

     

     Note: The creator of a form will always have access to the form they designed, even if the option is set to Private (Only You).

   • Case III: Specific Designer Group - Grant access to specific designer groups.

     Click on the Specific Designer Group option, then click the Add button.

     

     This displays the list of available groups:

     

   Note: The creator of a form will always have access to the form they designed, even if they are not a member of the specific group.

   Permission to Create New Submissions

   This permission grants exclusive rights to a specified user group to create new submissions for the designed form.

   • Case I: All reviewers and clients (default).

     

   • Case II: Specific User Group - Grant access to specific groups of clients and reviewers.

     Click on the Specific User Group option, then click the Add button to display the list of groups available.

     

     

   Reviewer Permission to View Submissions

   This permission allows assigned reviewers to view the submission history of the designed form.

   • Case I: All Reviewers (default).

     

   • Case II: Specific Reviewers - Grant access to specific groups of reviewers.

     Click on Specific Reviewers, then click the Add button to display the list of groups available.

     

     

   Note: When choosing specific designer or client groups, the list includes all groups available in Keycloak, including designer, client, and reviewer groups. The designer must select the appropriate group.

4. Publish and save the form for client users.

   

Note: To list existing forms for clients, you must migrate existing Camunda authorizations. Run the migration.sh bash script inside the FormsFlow web API. For Kubernetes or Nginx setups, access the FormsFlow web API container and execute migration.sh. For local setups, enter the FormsFlow web API container or activate the virtual environment (following the Makefile instructions in the FormsFlow web API) and run the script.