Permissions define granular access rights to apps, services, data, environments and functionality within Appfarm Create.

Permissions are granted to roles which are in turn assigned to users. You must configure permissions for each new role that you create so that end-users can access and use your apps.


Grant access to a given app. You must assign this permission if you create a new app.


Grant access to a given service.

  • If a service is run from a schedule, the service account that triggers the schedule must have a role with access to the service.

  • If a service is run via a call from an external application, the service account holding the API key must have a role with access to the service.

  • If a user can run a service from within an app, they need a role with access to the service.

Object classes

Select which data operations a role has access to, for each object class in your solution.

When you create a new object class, only the built-in roles have access by default. So you must grant access to the appropriate roles.

Additionally, when you add a new role, they have no object class permissions at all, so you must grant the required permissions.

These permissions can also be configured when editing an object class in your Global Data Model.

Best practice

Be restrictive, and don't grant permissions that a role doesn't need.

Login access

Grant access to a given environment. For example, you might have a role for testing which only needs access to the Test environment.

Good to know

The built-in roles do not have access to Test, Staging, or Production.

If you've created a custom role that needs access to Appfarm Create, that can also be granted under Login access.

Accounts and Roles

Manage permissions for adding, updating, and deleting users, service accounts, and individual roles. This includes assigning and removing roles.

If you have functionality in your apps or services for adding, modifying, or deleting users, the appropriate permissions must be granted here.

Good to know

When performing user management operations from inside an app or service, the built-in role privileges are not valid.


Advanced permissions include privileges within Appfarm Create. Typically, you would only use these if you create a custom role which requires access to Appfarm Create.

These permissions allow you to tightly control which parts of Appfarm Create that role has access to. For example, to allow access to only one specific app or restrict deploying to Production.

This is also where you can grant a role the permission Update Secret from Service. This is required when you have a service run by a schedule that fetches an authentication token from an external API and stores that token in a secret.

Last updated