Introduction

When working with the Application concept in Onesait Platform, resources (APIs, Dashboards, etc.) can be assigned to certain roles, which will form part of the Realm. Until now, the users to whom these roles were assigned had to be of the ‘developer’ or ‘user’ type, but since version 6.3.0 a new type of assignable role called ‘user_apl’ has been created.

With the creation of this new role in the Platform, users will be able to establish this role and assign them resources from an Application.

Permissions of the Role

This role has certain limitations regarding its permissions, as it is designed to be used in the Platform Applications. Therefore, it must be taken into account that this role:

• It does not allow access to the Control Panel.

• It does not allow consumption of the Platform's management APIs.

• Allows access to public elements (Dashboards, APIs, etc.).

• Allows access to assigned resources.

In short, this new role ‘user_apl’ is for those Application users who do not want to have access to the Control Panel, but who do want access to the Application managed by the Platform in which they have been registered and to its resources.

If a user with this type of role tries to access the Control Panel, he/she will be redirected to a 403 error screen, indicating that the user does not have access permission. Clicking the characteristic ‘Return to home’ button on the error screens, or attempting to navigate to another URL to which access is denied, will automatically log them out and redirect them to the login screen.

Similarly, as indicated above, these users are also not allowed to use the Platform management APIs.

However, there are certain elements, such as the public Dashboards, which they will be able to access through a redirection within the Application they are part of or by clicking on a direct link.