Watch how simple this is in this week’s Geocortex Tech Tip, where we’ll demonstrate how to apply different field permissions at once using Geocortex Access Control’s advanced expression feature.
“Hi, my name is Ryan Cooney. Today, I’m going to show you how you can apply a whole bunch of field permissions all at once using Geocortex Access Control’s advanced expressions feature. Let’s take a look!
The data I’m working with today is this editable feature layer, represented by these red points. If I select one, we can see that there are all kinds of fields here. We’ve got dozens of fields and they’re virtually all editable. So, behind the scenes, ArcGIS is exposing this feature service and anybody who has access to this feature service can edit any of these fields that are marked as editable.
Now, there’s no granularity of different users being able to edit different things. If you have access to the service, it’s every single one of these fields that’s editable you can edit. So, it’s fine if all my users are sort of the same type of user and they need that capability, but if we make the use case a little more complicated and say you know people in my department should be able to edit but people in another department should have read-only access to some or most of these fields – that gets pretty tricky to do, and you end up exposing multiple feature services in ArcGIS server to support that use case and then it
kind of compounds because usually, you’re going to end up having to create different applications for those different user groups so that they can consume those feature services.
So, it gets pretty messy pretty fast, and fortunately, Access Control can provide a solution to this. Access Control allows you to set field permissions.
So, we could go and take this layer. So, it’s in the hosted ODOT feature service. It’s this layer, I can go in and I can assign permissions on individual fields. I’ll just quickly do one here. This is sort of the standard way of providing field permissions.
Let’s take the ‘County CD’ field. I can assign permission and I can assign it to a group. Let’s say pick the group that I want to have read-only access to. Let’s call it this County Staff and I’m going to give them that you know the layers the field is visible but not editable for them.
So, once I’ve saved that, I’m just going to reload this application. We’ll go and select the same thing.
There we can see that the county code field is read-only. All right, so Access Control can provide a way to have user-specific field editable visible or you can just hide the field altogether.
We can define those permissions and access control, but let’s consider a use case where maybe I want this user group to only be able to edit one of the fields. Let’s say, they’re able to update this last inspection date. If that’s the only field I want them to be able to edit. How would we do that following this pattern? We could definitely do it, but I would have to define a whole bunch of permissions.
Basically, I would have to exclude or add a permission to every one of these fields except for the one I was after. So that’s kind of inefficient. Fortunately, there is a better way.
What I can do is I can loop over all the fields of the current layer. That’s what this is going to do. So, I’m going to loop over each of the fields and now if the field satisfies some condition, I can set a permission-based on that.
In this case, if the field name is not equal to the name of the field that I want, other than I’m interested in, I’m going to set read-only access to that and see there are functions here that help us do that. There’s an ‘allowField’ function where I give it the name of the field and value whether or not it should be editable access. We can use the field name and I want to make this read-only.
Just to walk through this again. So, we’re going to loop over all the fields of the current layer if so we’re evaluating each individual field and if that field name is not equal to the latest inspection date which is the name of the field that I’m that I want to make editable. If it’s not equal to that, I’m going to set read-only access.
I’m going to allow the field but I’m going to supply false value here. It’s saying it’s not editable, so it’s a couple of lines of code, but it’s going to save us having to assign permissions on dozens of fields because we can just loop through all these fields really quickly and do it.
All right save that permission. Reload the application and check the result and there we have it! Let’s see all these fields are read-only except for the latest inspection date which now I can edit.
Want to learn more about what Geocortex Access Control has to offer? Click the button below for additional product information, or to schedule a demo.