Deployed forms


Last updated 9 months ago

Availability

This is an Orbeon Forms PE feature.

Introduction

You can restrict which users can access which forms, and which operations they can perform. These restrictions apply to the forms you create once they are deployed, not to editing those forms in Form Builder (for the latter, see Access control for editing forms).

Enabling permissions

By default, no restriction is imposed on who can do what with forms you create in Form Builder. You enable permissions by going to the Form Builder toolbox, and under Advanced, clicking on Permissions.

This shows the following dialog:

After you click on the checkbox, you'll be able to set access restrictions on the Create, Read, Update, and Delete operations.

Setting permissions

An example

In the example below:

  • Any user (even anonymous) can fill out new form data.

  • A logged-in user who created form data can later read and update it.

  • A logged-in user who is a member of the group of the user who created the form data can read it but not update it.

  • Users with the role clerk can read any form data. They can also list data on the Summary page.

  • Users with the role admin can do any operation, including deleting form data and listing data on the Summary page.

Role types

  1. On the Anyone line, set the operations allowed to all users.

  2. On the following lines, you can enter a role name, and define what operations users with that role can perform.

Permissions in detail

Permissions you set in the dialog are additive – If you define permissions for two roles, where users with the reader role can read and users with the clerk role can delete, then users with both roles (reader and clerk) are allowed to perform both operations (reading and deleting).

Operations on Anyone apply to all other rows – When you select a checkbox for a given operation on the first Anyone row, that checkbox is automatically checked and disabled on every additional row, so you can't change it there, since you wouldn't want to authorize users with additional roles to perform fewer operations.

Update implies Read – On any row, if you check Update, then Read is automatically checked. It wouldn't make sense for some users to be able to update data but not read it, since they must be shown the data they are updating.

Create can't be set for the Owner and Group members – The owner/group is a piece of information attached to existing form data, keeping track of the user who created the data and the group this user is in. This information is only known for existing data, so assigning the Create permission to the Owner or Group members doesn't make sense, and the dialog doesn't show that checkbox.

Permissions for the Owner and Group members can be set independently – If you want data to be accessible only by the people who created it, check Read/Update/Delete/List for the owner but not for group members. If you want data to be accessible by all people in the same group, check Read/Update/Delete/List for the group members, and don't check them for the owner if you want the owner to lose access to that data when the owner changes group. (The latter highlights the need for the owner and group member permissions to be set independently.)

The List permission

[SINCE Orbeon Forms 2022.1]

The List permission allows specifying that the user can list form data on the Form Runner Summary page. If a user navigates to the Summary page of a form and the List permission is not granted to the user, the Summary page responds with an "Unauthorized" error.

With earlier versions of Orbeon Forms, the List permission was not checked separately. Instead, the ability to Read implied the ability to List on the Summary page.

Forms created and edited with earlier versions of Orbeon Forms that have the Read permission enabled also implicitly have the List permission enabled, for backward compatibility. Opening such a form in Form Builder will show both the Read and List permissions. If the form author deselects the List permission, and then publishes the form, then the form will not allow the List permission, as expected.

Per-app and global permissions

Introduction

[SINCE Orbeon Forms 2022.1]

You can configure permissions per app, as well as globally. This is particularly useful when you have a large number of forms, and want to configure permissions for all of them at once. Per-app and global permissions are currently set using configuration properties in properties-local.xml.

Properties

You configure permissions with the oxf.fr.permissions.$app.$form properties. For example:

<property as="xs:string"  name="oxf.fr.permissions.acme.sales">
  {
    ...
  }
</property>

As usual, you can use wildcards to specify whether the configuration is global:

<property as="xs:string"  name="oxf.fr.permissions.*.*">
  {
    ...
  }
</property>

Or whether it applies to a specific app:

<property as="xs:string"  name="oxf.fr.permissions.acme.*">
  {
    ...
  }
</property>

Precedence of permissions configurations

If a form definition includes a Form Builder-defined set of permissions, then those permissions are used and the permissions set in properties-local.xml are ignored.

There is no merging of permissions between a Form Builder-defined set of permissions and properties-defined permissions, or between global and per-app permissions.

Configuration detail

For each property, the configuration is in JSON format and follows the layout of the Form Builder user interface (see screenshot above):

{
  "anyone":         [ "create" ],
  "owner":          [ "read", "update" ],
  "group-member":   [ "read", "update" ],
  "roles": {
    "orbeon-user":  [ "read", "update", "list" ],
    "orbeon-admin": [ "read", "update", "delete", "list" ]
  }
}

The configuration is a JSON object with the following properties:

  • anyone: an array of operations that are allowed for all users

  • anyone-with-token: [SINCE Orbeon Forms 2023.1]

    • an array of operations that are allowed for users with a link including a token

    • see Token-based permissions

  • any-authenticated-user: [SINCE Orbeon Forms 2023.1]

    • an array of operations that are allowed for users who are authenticated

    • this therefore excludes anonymous users

  • owner: an array of operations that are allowed for the user who created the data

  • group-member: an array of operations that are allowed for users in the same group as the owner of the data

  • roles: a JSON object with the following properties:

    • each key is a role name

    • each value is an array of operations that are allowed for users with the given role

The operations are the same as the ones in the Form Builder user interface:

  • create: create new data

  • read: read data

  • update: update data

  • delete: delete data

  • list: list data on the Summary page

To indicate that no operation is allowed:

  • use an empty array

  • or omit the property
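
Added example (not Orbeon's code): a Python model of how one permissions configuration is selected and how it resolves to a user's effective operations, following the precedence and additive rules described on this page. The function names, the user/data dictionaries, the sample property values and the "most specific property wins" lookup order are assumptions made for illustration; anyone-with-token is not evaluated.

```python
import json

OPERATIONS = {"create", "read", "update", "delete", "list"}

# Constructed sample: the JSON body shown under "Configuration detail".
SAMPLE = json.loads("""
{
  "anyone":         [ "create" ],
  "owner":          [ "read", "update" ],
  "group-member":   [ "read", "update" ],
  "roles": {
    "orbeon-user":  [ "read", "update", "list" ],
    "orbeon-admin": [ "read", "update", "delete", "list" ]
  }
}
""")

def resolve(form_definition_permissions, properties, app, form):
    """Select the single configuration that applies; nothing is merged.

    Assumption: among properties, the most specific name wins
    (app.form, then app.*, then *.*).
    """
    if form_definition_permissions is not None:
        # A Form Builder-defined set is used and the properties are ignored.
        return form_definition_permissions
    for suffix in (f"{app}.{form}", f"{app}.*", "*.*"):
        name = f"oxf.fr.permissions.{suffix}"
        if name in properties:
            return properties[name]
    return None  # no permissions configured for this form

def effective_operations(config, user, data=None):
    """Return the union of operations granted by every entry the user matches.

    user: {"username", "group", "roles"}; username is None for anonymous users.
    data: {"owner", "group"} for existing form data, None when there is none
          (New page, Summary page).
    """
    ops = set(config.get("anyone", []))
    if user.get("username"):  # authenticated, so not anonymous
        ops |= set(config.get("any-authenticated-user", []))
        if data is not None:  # owner/group are only known for existing data
            if data.get("owner") == user["username"]:
                ops |= set(config.get("owner", []))
            if data.get("group") and data["group"] == user.get("group"):
                ops |= set(config.get("group-member", []))
    for role in user.get("roles", []):
        ops |= set(config.get("roles", {}).get(role, []))
    unknown = ops - OPERATIONS
    if unknown:  # reject operation names the page does not define
        raise ValueError(f"unknown operations: {sorted(unknown)}")
    return ops
```

With the sample configuration, the owner of a record gets create, read and update on it but not list, so that user can open their own data by link while the Summary page stays unavailable to them.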

Impact on versioning

For permissions defined in Form Builder, the permissions are stored in the form definition, and this means that you can have multiple form versions published with different permissions.

However, for permissions defined in properties-local.xml, the permissions are per app/form name, and will apply to all published versions of the form under that app/form name.

How permissions affect Form Runner pages

Introduction

Which operations the current user can perform drives what page they can access, and on some pages which buttons are shown.

Published Forms page

This was formerly known as the Home page.

On the Form Runner Published Forms page, all the forms on which the current user can perform at least one operation are displayed. Then, for each one of those forms:

  • If they can perform the Create operation on the form, a link to the New page is shown.

  • If they can perform any of the Read, Update, or Delete operations on the form, a link to the Summary page for that form is shown.

Summary page

  • Access is completely denied if the current user can't perform any of the Read, Update, or Delete operations.

    • [SINCE Orbeon Forms 2022.1] Access is also completely denied if the user doesn't have the List permission.

  • The Delete button is disabled if the current user can't perform the Delete operation.

  • The review and pdf buttons are disabled if the current user can't perform the Read operation.

  • Clicking in a row of the table will open the form in Edit mode if the current user can perform the Update operation, in View mode if they can perform the Read operation, and do nothing otherwise.

View, New, and Edit pages

  • For the View page, access is denied if the current user can't perform the Read operation.

  • For the New page, access is denied if the current user can't perform the Create operation.

  • For the Edit page, access is denied if the current user can't perform the Update operation.

Compatibility note

[SINCE 4.3] In Orbeon Forms 4.2 and earlier, role-based permissions set in Form Builder could only be driven by container-based roles and the value of the oxf.fr.authentication.method property was not taken into account. Since version 4.3, those permissions also apply if you are using header-driven roles.

The Permissions dialog also has the following lines (see Role types):

  • On the Require Token line, specify that the Read and Update permissions above require a token to be satisfied. [SINCE Orbeon Forms 2023.1]

  • On the Any Authenticated User line, set the operations allowed to authenticated users only. [SINCE Orbeon Forms 2023.1]

  • On the Owner line, set the operations allowed to the user who created the data. See also Owner and Group Member Permissions. [SINCE Orbeon Forms 4.3]

  • On the Group members line, set the operations allowed to users in the same group as the owner. See also Owner and Group Member Permissions. [SINCE Orbeon Forms 4.3]

See also

  • Setup users for access control - How to set up Orbeon Forms so that users and roles are provided.

  • Login & Logout - Optional user menu for providing links to login and logout functions.

  • Form fields - How to control access to specific form fields based on the user's roles.

  • Access control for editing forms - How to control access to Form Builder.

  • Owner and group member permissions - Access based on ownership and groups.

  • Organization-based permissions - Access based on organizational structure.

  • Token-based permissions

  • Scenarios