An introduction to the user extension and how it can be used in your app.
The User extension is how you can add the concept of registered users and group-based security to your application. By including the User extension, users can register and login to the application, and you (or the admins) have control over which types of users can access pages or manage data.
The User extension is tightly coupled with the Security feature, since they both are used to control access to the app. User takes advantage of the access control and login page which are provided as part of Security, and then extends upon them to give you greater control.
What can it be used to do?
Without adding in any custom code, the User extension can be used for any situation where you need registered users and to control who can do what. You can use it for:
- Any situation where the users need to login with an account
- Controlling access to specific pages based on a login
- Making sure only certain types of users can create/edit/delete data
What is it not suitable for?
- Limiting an individual’s access to do something
- Creating a list of contacts
- Capturing someone’s data in a form
For more information about the User Extension and how to know if you need it, have a read of our Identifying Users article.
Features of the User extension
User groups & access control
As part of the User extension, you can create an unlimited number of user groups and provide varying levels of access to each of them. Using the Security diagram, for each group you can choose which pages they can view, along with which entities they can create, view, update, and delete data for.
For example, you can configure it so that visitors can only view the home page of the app, while normal users can access all the main pages, and then give your administrators access to the back-end of the app, all in a few clicks!
Sample Security diagram configuration where administrators can access everything, staff can access certain pages, and visitors can access nothing.
If you include the User extension in your app, it automatically includes the ability to allow users to register their own accounts. This can be very helpful when you want to allow people to sign-up in a public facing app. However, this can be turned off using custom code if it is not something you need.
To allow visitors to register for an account with a specific user group you must first allow visitors to be able to create that type of user in the Security diagram.
When the User extension is part of an application, user management screens are included as part of the application’s back-end. This can be accessed by the ‘User management’ button in the back-end menu, when you are logged in as a user with back-end access.
From here, you can look at the different user groups, view a list of all users in that role or group, and create, edit and remove the different users of each type.
Why you get User by default
Unlike the other extensions, the User extension is included in your app out of the box, as the apps come with a user already included in them: the super user. The super user is only available on your local machine; if you release your app to production, it will not exist there. This is done to make sure when you run your app for the first time, you will be able to login, access the back-end, and make some more suitable user accounts which you can log in with.
Due to this setup, your app comes with all the bells and whistles from the beginning; to use the User extension properly, you only need to add in user groups and configure their access in the diagrams.
We do recommend that every application has an Administrator user group (or equivalent) who has access to the back-end, so they can manage the data and configure the extensions.
When the User extension is added to an entity, it will add in additional attributes which aren’t shown on the diagram. The specific attributes which are included will vary between bots (see below), so we recommend that you have a look at the database after building, to make sure you don’t have any unnecessary attributes in your diagram.
Fields included when adding the User extension