Configuring an App's Access and Permissions

Note: Individuals identified as reviewers in your app’s workflow do not need to be assigned permissions to review forms. Permissions only need to be assigned for those who will edit your app or submit your form. For example, if you set up John Jumbo as an approver in your workflow but he won't be submitting the form, you will not give him permissions.

By default, your app is private only to you. Even if you publish your app, no one can take and submit your form unless you grant them explicit permissions.

Permissions are configured individually for each app; you may have a research proposal app for only students to submit and a time off app for only staff.

    Permissions fall into three broad categories:

    • Who can submit the form?
    • Who can view, edit, or delete submitted forms (documents)?
    • Who can edit the app?

    Permissions are assigned by policy, which is a collection of defined users. Some policies are predefined; for example, “All Authenticated Users” allows you to give permissions to any user that can log in with a Tufts username and password. You can also create custom policies to specify exactly which individual(s), group(s), or role(s) to assign permissions to. 

    An example policy could be arts and sciences students

    The app permissions that can be assigned are:

    • Administer, design, and publish this app:
      • This allows users to edit, publish, and delete this app.
      • Set this permission for specific Tufts users that will work completely with you on building the app, such as your teammates.
    • Create documents in this app:
      • This allows users to submit this form.
      • Set this permission for any users that you plan to distribute the form to, such as the students submitting a research application.
    • Read documents in this app:
      • This allows users to view each document (submitted form). 
    • Access the documents list:
      • This allows users to view the list of submitted forms but not view any specific form.
    • Update documents in this app:
      • This allows users to make changes to any completed fields in a document (submitted form) that another user has submitted.
      • Note: Be very discriminate with whom you assign this permission to.
    • Delete documents in this app:
      • This allows users to delete any documents (submitted forms) from this app.
      • Note: Be very discriminate with whom you assign this permission to.

    You can edit your app's permissions at any point. Changing app permissions automatically saves - you do not need to republish your app.

    1. In your app, click the triple dots option menu next to your app’s name in the top left.
      The app name is in the top left of the screen
    2. Choose Permissions from the dropdown menu.
      Permissions is the second list item
    3. Under the policy you’d like to assign permissions to, check the appropriate box(es). It will turn green.
      Authenticated Users is one pre-created role
    4. To remove a permission from a role, click a green checkbox. The checkbox will clear, removing the permission.
    5. When finished, click the X in the top right of the permission screen. Policy changes save automatically.

    Kuali Build has three predefined policies:

    • Administrators: Users with full app permissions. By default, this is only you.
    • Authenticated Users: Any user that can log in to a Tufts login screen with a Tufts username and password.
    • All Anonymous Users: Anyone, including individuals outside of Tufts. Only assign anonymous users permissions to submit documents if needed.

    If you have other sets of individuals whom you’d like to assign different permissions to, you can create custom policies. 

    To create a custom policy:

    1. In your app, click the triple dots option menu next to your app’s name in the top left.
      The app name is in the top left of the screen
    2. Choose Permissions from the dropdown menu.
      Permissions is the second list item
    3. On the permissions screen, in the top right, click + Add Policy.
      Add Policy is a blue button
    4. Give your policy a short Policy Name and longer Description.
      Names should be short but clear
    5. At the bottom of the panel, use the four tabs and search in the textbox to add the users, groups, roles, and/or affiliations that should be in this policy. A policy can have any combination of these, e.g. all of staff, a single individual, and users in a group be in the same policy.
      • Users: Any individual user at Tufts.
      • Groups: All users in a school or department,, e.g. the Boston SMFA.
        • Note: If a new system level group is needed, submit a request to kuali-build-support@elist.tufts.edu
      • RolesAll users in a subset of a school or department, e.g. Boston Health Science Administrators.
      • Affiliations: All users with a specific Tufts affiliation, e.g. all faculty.
        You can combine different types of users into a single policy
    6. Click Save.
    7. Your new policy appears in the permissions list. Under the policy, check the permissions the users in this policy should have.
      permissions are granted vertically under a policy
    8. When finished, click the X in the top right of the permission screen. Policy changes save automatically.

    Kuali Build has three predefined policies:

    • Administrators: Users with full app permissions. By default, this is only you. You can edit users in this policy.
    • Authenticated Users: Any user that can log in to a Tufts login screen with a Tufts username and password. You cannot edit users in this policy.
    • All Anonymous Users: Anyone, including individuals outside of Tufts. Only assign anonymous users permissions to submit documents if needed. You cannot edit users in this policy.

    To edit users in a policy:

    1. In your app, click the triple dots option menu next to your app’s name in the top left.
      The app name is in the top left of the screen
    2. Choose Permissions from the dropdown menu.
      Permissions is the second list item
    3.   Click the name of the policy that you would like to edit.
      The name is what you originally called the policy
    4. At the bottom of the panel, use the four tabs and search in the textbox to add the users, groups, roles, and/or affiliations that should be in this policy. A policy can have any combination of these, e.g. all of staff, a single individual, and users in a group be in the same policy.
      • Users: Any individual user at Tufts.
      • Groups: All users in a school or department,, e.g. the Boston SMFA.
        • Note: If a new system level group is needed, submit a request to kuali-build-support@elist.tufts.edu
      • RolesAll users in a subset of a school or department, e.g. Boston Health Science Administrators.
      • Affiliations: All users with a specific Tufts affiliation, e.g. all faculty.
        You can combine different types of users into a single policy
    5. Click Save.
    6. When finished, click the X in the top right of the permission screen. Policy changes save automatically.

    Kuali Build has three predefined policies that you cannot remove:

    • Administrators: Users with full app permissions. By default, this is only you.
    • Authenticated Users: Any user that can log in to a Tufts login screen with a Tufts username and password. 
      • You can set this policy to have no permissions, effectively removing it.
    • All Anonymous Users: Anyone, including individuals outside of Tufts.
      • You can set this policy to have no permissions, effectively removing it.

    If you have created custom policies, you can remove them. 

    To remove a custom policy:

    1. In your app, click the triple dots option menu next to your app’s name in the top left.
      The app name is in the top left of the screen
    2. Choose Permissions from the dropdown menu.
      Permissions is the second list item
    3. Click the name of the policy that you would like to remove.
      The name is what you originally called the policy
    4. In the newly opened right side panel, choose Delete.
      Delete is red.
    5. If asked if you'd like to delete the group, choose OK.
    6. When finished, click the X in the top right of the permission screen. Policy changes save automatically.
      OK is on the right
    7. The policy is removed from the permissions table.
    8. When finished, click the X in the top right of the permission screen. Policy changes save automatically.