Security

From the Security menu, you can design a multi-layered access control system for your solution.

Security is an important and integral part of the Appfarm Platform. The platform features mechanisms for protecting your apps against common security threats, such as those listed in the OWASP Top Ten. If you are interested in general platform security and compliance, please read our article on the policies page.

While many aspects of security are in place by default, many others are configurable and depend on you following standard security practices in your apps and services.

Overview

Users and access control in Appfarm Create are handled as follows:

  • A user is a person with access to your solution and/or your apps.

    • Both developers with access to Appfarm Create and client users are considered users. Client users are end-users that only have access to the apps you've made.

    • A user exists across all environments, so a user created in Test also exists in Production.

    • Users can be managed in Appfarm Create, or via an app or service using dedicated action nodes.

  • Users are assigned one or more roles.

  • Roles are granted permissions. The sum of a user's permissions determines their access.

Additionally, service accounts are available for non-human and unauthenticated users. Service accounts are assigned roles in the same way as users.

In general, you should carefully define which permissions each role has and which users have those roles. This includes what data they can access and which data operations they can run, as well as which apps and services they have access to. Additionally, you should keep data security in mind when creating your apps. Use filters to limit the data read into data sources, and use conditions to show and hide functionality.
