In this section, we'll go over how you can secure Form Runner and Form Builder. For access control, Orbeon Forms leverages and delegates some work to external security infrastructure. In particular, you define users and their roles/group outside of Orbeon Forms.
Access control touches on the following:
Form definitions – Which users (in this case also known as form authors), can create, edit, or view form definitions.
Published forms – Which users can access a deployed form? If they can access the form, what operations (such as creating, viewing, editing, deleting) are allowed?
Form fields – If users can access the form, can she access a particular field or group of fields? If so, can the field be changed or just viewed?
The following pages address specific topics:
Setup users for access control - How to setup Orbeon Forms so that users and roles are provided.
Login & Logout - Optional user menu for providing links to login and logout functions.
Access control for deployed forms - How to control access to deployed forms.
Form fields - How to control access to specific form fields based on the user user's roles.
Access control for editing forms - How to control access to Form Builder.
Owner and group member permissions - Access based on ownership and groups.
Organization-based permissions – Access based on organizational structure.