Delegated Developers

Delegated developers are non-administrator users and groups which are assigned one or more permissions to develop applications

Each permission grants one or more delegated develop ment-specific roles to retain control over the system without having the admin role

Delegated developers can be granted the following permissions:

  • All File Types: Grants the developer access to all application file types including some not granted by the other options
  • Integrations: Grants the developer access to web service APls, REST APls, and data sources
  • Reporting: Grants the developer access to reports and scheduled reports
  • Workflow: Grants the developer access to the Workflow Editor and Activity Creator
  • Service Catalog: Grants the developer access to catalog related file types such as catalog items, record producers, and variables
  • Flow Designer: Grants the developer access to the Flow Designer design environment to create flows and actions. Script action steps require the Allow Scripting permission
  • Service Portal: Grants the developer access to Service Portal editors and tools
  • Tables & Forms: Grants the developer access to model and layout related file types such as table columns, form layout, and list layout
  • Manage ACLs & Roles: Grants the developer access to security-related file types such as access controls and user roles
  • Allow Scripting: Grants the developer write access to script fields such as those in business rules, client scripts, and Flow Designer script action steps

To manage delegated developers, navigate to

System Applications > Applications

, open the application record, then click on Manage Developers.

Application administration allows organizations to protect sensitive application data by restricting how users acquire application-specific roles

Application developers and administrators can use application administration to:

  • Prevent \in authorized users from accessing sensitive data such as financial records or personally identifiable information
  • Restrict who can assign application roles
  • Prevent _admin users from assigning themselves access or bypassing existing access controls to a protected application

You can enable application administration from the application record and restrict the assignment of application roles from the user role record. Application developers should enable application administration after completing application development and before adding application records.

The application's administration role only allows users access to the application and does not include any other admin role. Someone must assign an application user an admin role before that user can perform typical administration tasks such as configuring form and list layouts, making changes to application tables and fields, and assigning the application admin role to new users

If you do not want the application administrator to have the admin role, the application administrator can make themselves a delegated developer. Once a delegated developer, the application administrator can perform a subset of administrative tasks without having the admin role.

Additionally, admin users can be prevented from

  • Assigning themselves a protected application role or to a group containing said role
  • overriding or bypassing existing access controls to a protected application by creating new access controls • Impersonating or changing the password of users who have a protected application role
  • Inheriting a protected application role
  • Running scripts that access protected application records

results matching ""

    No results matching ""