Hello all,
Customer is looking for having some application execution level restriction based on the role current user is having. Below is the use case -
Suppose a user can have both operator role as well as peer reviewer role. When the user is logging into TULIP system with Operator role, he/she can see certain number of Applications and can execute only those applications only.
Again, when the same user is logging into the system with Peer Reviewer role, he/she can see completely different sets of application and can execute only those applications.
Is there any configuration present in TULIP to achieve this use case?
Hello Biplab! Are you on a biweekly release or LTS13 at a minimum? We released a series of improvements in this area in the Fall of 2024, but you will need LTS13 at minimum to use them.
Hello Kevin,
Thank you for your response.
I’m aware of the USER GROUP functionality for building Apps. But my question is not related to create/edit/publish apps. I’m looking for the role restriction for executing those released apps.
I could be wrong, but as per my understanding, after releasing an app in production environment, USER GROUP or TULIP default roles or Custom roles will not provide any restrictions on viewing released app or executing a released app.
I’ve gone through some of the previous posts on the same topic and understood that I can have IF condition at the time of App start, and check user is present within USER GROUP. But this design will not be scalable if I’m having multiple apps. Also, I want to eliminate this IF checking at the first step itself. Whenever user will login with certain role (assuming there will be logging page, where user needs to select particular role), system automatically allow that user to see/execute only those apps which are allowed to him/user group.
Please correct me if my understanding is wrong and it will be very helpful if you provide any document/knowledge article to learn on this.
Your assessment is correct with latest features. Our recommended best practice to solve for this situation is to create a “routing app”, and then assign that as the default app to every station or station group.
Then, operators will only have one choice on app to select at the start- the routing app. Within that app, you can then define logic to route the user to different apps and check their credentials as you described. Does that make sense?
On our ancient LTS 8.2, we leverage Users Table Custom Fields to restrict access to apps - both for button transitions to apps and on app start, in case someone finds a creative way to arrive at an app they do not have authorization to execute.
For button trigger to transition to Calibrate app:
For Calibrate app “On App Start”:
