Skip to Content

Privileges and permissions in Jitterbit App Builder

App Builder's security model is composed of the following concepts:

  • Users
  • Groups
  • Privileges
  • Roles
  • Permissions

Groups and privileges

Groups organize users. Security administrators grant groups privileges to applications and data sources. If a group is granted privilege to an application, the group is automatically granted privilege to any data source referenced by that application.

Roles and permissions

Data sources may define roles. Roles organize permissions; permissions determine a role's access rights to data objects.

Permissions may grant one or more of the following access rights to a data object:

Permission Description
Read Allows users to query the data object.
Insert Allows users to insert records into the data object.
Update Allows users to update records in the data object and execute user-defined events.
Delete Allows users to delete records from the data object.

Note

If you do not see Role changes apply to Users, navigate to the App Builder IDE > Additional Settings > Flush Cache.

Data source authorization

Data sources are secured using one of two authorization models. The authorization model is determined by whether or not the data source defines any roles. The data source authorization models include:

Model Description
Data source authorization If a data source does not define any roles, users with privilege to the data source have full permission to all data objects within the data source.
Roles-based authorization If a data source defines one or more roles, the data source is using roles-based authorization. In which case, in addition to granting groups privilege to the data source, security administrators must add the group to one or more data source roles.

Application authorization

Security administrators can grant a group privilege to an application or a data source. Users can only access an application if they have been granted privilege to the application. As noted above, granting privilege to an application grants privileges to any data sources referenced by the application. The reverse is not true: granting a group privilege to a data source does not grant that group privilege to applications that reference the data source.

Page authorization

In App Builder, developers secure data objects, not pages. However, the following page controls bind to data objects:

  • Grid panels
  • Form panels
  • Charts
  • Lists

A user has permission to a page if and only if the user has Read access to all data objects used by the page.

If a user requests a page to which he or she does not have access, then the user will receive an "Access Denied" error. App Builder hides or disables links to pages that users cannot access. Therefore, such errors are only likely if security is misconfigured or if the user navigates directly to a page (e.g. by clicking a link in an email).

When constructing menu links, App Builder will analyze each link to determine if the user has access to the target page. If the user has access to the page, the link will appear in the menu. Otherwise, the link will be hidden.

Similarly, when rendering a page, App Builder will analyze each page link to determine if the user has access to the target page. If the user has access, the page will render as designed. If the user does not have access to the target page, App Builder will modify the page accordingly:

  • The grid panel's link icon (Chevron or Popup) is hidden. In addition, the double-click action is disabled.
  • Grid panel columns defined by controls that are not data-bound (e.g. Buttons) will be hidden.
  • Controls within grid or form panels that are data-bound (e.g. Text, List) are rendered un-clickable.

Page controls

When rendering a page, App Builder will hide or disable page elements based on the user's access rights to the underlying data objects. This includes:

Access Right Affects
Insert * The grid panel's Add button will be hidden.
Update
  • The grid panel's Edit icons (Pencil) will be hidden.
  • The form-row panel's Edit button will be hidden.
  • Grid panel columns defined by controls that are not data-bound (e.g. Buttons) will be hidden.
  • Controls within a form panel that are not data-bound (e.g. Buttons) will be hidden.
  • Controls within grid or form panels that are data-bound (e.g. Text, List) are rendered un-clickable.
Delete
  • The grid panel's Delete icons (Trash) will be hidden
  • The form panel's Delete button will be hidden.