Create a user access management app

In Flowfinity, the ability to manage users requires Administrator permissions. This means full access has to be granted to the entire production server, including access to all sites, apps, and dashboards to create, edit, and delete users.

However, there are many cases in which it is not preferable to give administrative access to users who need only narrow user management permissions.

User Account Management applications allow more user management flexibility and can be used to create and manage subsets of Flowfinity users. This is useful for a company with users at several locations or an organization with distinct business units or departments. For example, Western Territory Managers only need to manage Sales Reps within their region, and do not need access to the Eastern team.

Example:

ABC Groceries Inc is an independent chain of grocery stores that uses Flowfinity to manage their data and workflows. With various locations, individual Store Managers only require user management permissions for their specific location. This can be done using a User Account Management application. Head Office users with Administrator rights can grant access to an app that allows Store Managers to create, edit, and delete users for their own stores.

Steps

Note: All users created in User Account Management apps require a Flowfinity license.

1. Navigate to the Configure tab, select Users, and click on the Roles tab. Click 'Add role' and create a custom role (e.g., Store Manager).
   
   
2. Next, create five new roles – one for each store: Central Branch, East Branch, West Branch, North Branch, and South Branch.
   
3. Now, we'll separate these app-specific roles from the standard System Roles and other Custom roles (e.g. Store Manager). Click on the Central Branch role and click 'Edit role.'
   Near the bottom right, select 'Edit,' and then 'Add Class.' Name this new class 'Store Roles.'
   
   
   
4. Repeat this for each of the remaining branches (e.g. North, South, East, and West branches).
   
   
   Note: the five custom roles will now be available in a separate 'Store Roles' tab.
5. Navigate to the Apps tab and then click 'Design New App.'
   
6. Name the application (e.g., Store Users) and select 'User Account Management' from the Application type dropdown menu. Click 'Next.'
   
   
   Note: The 'Application type' field is new in Flowfinity Actions 20.1 and includes two new access management application types, 'User Account Management' and 'Token Access Management.'
   'Data Collection' is selected by default, choose this option to create a data collection or workflow Flowfinity application.
   Please ensure you select the appropriate application type as this selection cannot be amended later.
7. The App Editor will generate a preconfigured form that includes several required fields. These fields cannot be removed from the form as they are needed to map fields within Flowfinity and create a user. Field properties marked as grey cannot be modified, all other field properties (e.g., Label) can be modified.
   
8. Locate the Roles field and create a 'calculated value' default value for the field. Enter the value 'selfroles.' Then, select 'Store Roles' from the Role class dropdown and uncheck 'Allow multiple.'
   
   Note: this will ensure that new users created are automatically designated to the same branch as the manager who created the record. Unchecking 'Allow multiple' will remove the option to allow a Store User to belong to more than one store.
9. Users can now be added to the system using the Store Users application, through the 'Add User' operation.
10. To ensure only Store Managers have permission to create records in the Store Users application, navigate to the Operations tab and click 'Permissions.'
11. Click on the Custom roles class tab, and apply all record operation permissions to the Store Manager role.
    
    Note: It is not recommended that you make changes to the 'System roles' permissions as this will restrict system administrators from accessing app operations.
12. The final step is to configure a new View for Store Managers that filters the list of users to only include those that belong to the same branch as the Store Manager.
13. Navigate to the Views tab and click 'Add view.'
    
14. Name the view (e.g., My Store Users) and include the appropriate fields in the Layout tab.
    
    Note: As User Account Management apps allow for user accounts to be created on a mobile device, something that is not available using the Configure tab, consider adding a shortcut for this view to the portal screen. This makes it easily available to a Store Manager on both desktop and mobile devices.
15. Click the Filter tab and add the following filter:
    
    This will ensure that the only records included in this view will be those that match the Store Role (i.e., the individual branch) of that manager.
    Note: As the Roles field configure in Step 8 is set to Store Roles, it will filter only by the individual branch and will not include other Store Managers.
16. Finally, go to the Permissions tab check the box next to Store Manager. This ensures that only Store Manager users will have access to this view.
    
17. The view is now configured. Click 'Save view' and then publish the application.
    
18. The User Account Management application is now complete and ready to use. When a Store Manager logs into the system, they will be able to see all their Store Users and will be able to use the 'Add New User' operation. Store Managers will also be able to edit and delete existing users by click on their record.
    
    Head Office users, who have full administrative access, will be able to see a list of all Store Managers and Store Users by clicking on the Users section in the Configure tab.
    
    Users can be filtered in various ways, including by their role or origin. Click 'Group by Origin' to see a breakdown of which users have been created in the Configure section by an Administrator, and which have been created through a User Account Management application.