Restrict User Access to an Application, Flow, or Page

To limit user access to your application, set up user roles at the application level, then restrict access to only those roles. You can use this approach to restrict access to the whole app, or to a single page or flow in the app.

Note:

In addition to the security settings on the UI layer, you should also secure your backend REST services, because client-side restrictions can potentially be circumvented. If your backend is developed with business objects in Visual Builder, see Access and Secure Business Objects.

To restrict access to your application:

  1. Create a user role (for example, MyAdminRole), then associate it with specific IDCS groups or users, as described in Manage User Roles and Access.

    When you set up user roles for your visual application, the roles map to groups in your IDCS account. These roles act as additional roles on top of the built-in Authenticated User role.

    When access to the app requires authentication (the default), all users who sign in to the app with their Oracle Cloud credentials are assigned the Authenticated User role. By default, an authenticated user can see and manage all business object data. To change this, update the business object's security settings.

  2. Set role-based permissions at the app, flow, or page level:
    1. In the Web Apps pane, click the node for the artifact. To restrict access to the page, for example, you'd click the page node.
    2. Click Settings, then Security.
    3. From the Roles drop-down list, select the role you want to use to restrict access.
    4. Click Add.
  3. Test the application to preview it in different roles, as described in Test Role-Based Access.
  4. When you are ready, stage and publish your application, as described in Stage and Publish Visual Applications.
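
The note at the top of this page says that UI-level restrictions must be backed by checks on the backend REST services. The following is an added example, not Oracle's or Visual Builder's code, of a deny-by-default role check that a backend could run on every request. The routes, rule table, and session objects are assumptions made for illustration; only MyAdminRole and the Authenticated User role come from this page.

```javascript
// Added example: server-side role check for backend REST routes (not Visual Builder code).
// Routes, the rule table and the session objects are constructed for illustration.
const AUTHENTICATED = 'Authenticated User'; // built-in role every signed-in user holds

// The most specific prefix wins; a route with no matching rule is denied.
const RULES = [
  { prefix: '/api/orders',       roles: [AUTHENTICATED] },
  { prefix: '/api/orders/admin', roles: ['MyAdminRole'] },
];

// session: identity established server-side (for example from a validated token), or null.
// req.headers is supplied by the caller and is deliberately never consulted for roles.
function authorize(session, req) {
  if (!session || !session.user) return { allow: false, status: 401, reason: 'not signed in' };
  const rule = RULES
    .filter(r => req.path === r.prefix || req.path.startsWith(r.prefix + '/'))
    .sort((a, b) => b.prefix.length - a.prefix.length)[0];
  if (!rule) return { allow: false, status: 403, reason: 'no rule (default deny)' };
  const held = new Set([AUTHENTICATED, ...(session.roles || [])]);
  const ok = rule.roles.some(role => held.has(role));
  return ok
    ? { allow: true, status: 200, reason: 'role match' }
    : { allow: false, status: 403, reason: 'missing role: ' + rule.roles.join(' or ') };
}

// Constructed sessions and requests: the backend sees these whatever the UI hides.
const admin = { user: 'alice', roles: ['MyAdminRole'] };
const plain = { user: 'bob', roles: [] };
const selfDeclared = { path: '/api/orders/admin/refunds', headers: { 'x-user-role': 'MyAdminRole' } };

function demo() {
  return [
    authorize(admin, { path: '/api/orders/admin/refunds', headers: {} }).status, // role held
    authorize(plain, selfDeclared).status,   // role claimed by the client only
    authorize(plain, { path: '/api/orders/42', headers: {} }).status, // built-in role suffices
    authorize(null, selfDeclared).status,    // no server-side session
    authorize(admin, { path: '/api/ordersX', headers: {} }).status,   // no rule for this route
  ];
}
console.log(demo().join(','));
```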