|
1 | | ---- |
2 | | -title: "Control access to model-driven app forms in Power Apps | MicrosoftDocs" |
3 | | -description: "Learn how to control access to main forms" |
4 | | -ms.custom: "" |
5 | | -ms.date: 06/18/2019 |
6 | | -ms.reviewer: "" |
7 | | -ms.service: powerapps |
8 | | -ms.suite: "" |
9 | | -ms.tgt_pltfrm: "" |
10 | | -ms.topic: "article" |
11 | | -author: "Mattp123" |
12 | | -ms.assetid: 15d123e0-b604-45dd-ab34-0b37787a04bb |
13 | | -caps.latest.revision: 33 |
14 | | -ms.author: "matp" |
15 | | -manager: "kvivek" |
16 | | -tags: |
17 | | -search.audienceType: |
18 | | - - maker |
19 | | -search.app: |
20 | | - - PowerApps |
21 | | - - D365CE |
22 | | ---- |
23 | | -# Control access to model-driven app forms |
24 | | - |
25 | | - There are two ways you can control access to main forms: |
26 | | - |
27 | | -- **Make a main form inactive** |
28 | | - |
29 | | - You can set an active or inactive state to main forms. This feature was included primarily to manage new forms included when Common Data Service environments upgrade but you can use it to prevent users from being able to use any main form. |
30 | | - |
31 | | -- **Assign security roles to the main form** |
32 | | - |
33 | | - Use this to make a main form available to specific groups. |
34 | | - |
35 | | - Different people in your organization may interact with the same data in different ways. Managers may depend on being able to quickly scan information in a record and service people may require a form that streamlines data entry. You can accommodate different requirements by assigning forms to the security roles that different groups of people belong to. |
36 | | - |
37 | | - For step-by-step procedures, see [Assign security roles to forms](https://docs.microsoft.com/dynamics365/customer-engagement/admin/assign-security-roles-form). |
38 | | - |
39 | | - When you have more than one main or other form type defined for an entity, you can select which forms users will be able to use based on their security roles. Because each entity must be able to display a form for any user, at least one form must be designated as a ”fallback” form – a form visible to users whose security roles do not have any forms explicitly assigned to them. |
40 | | - |
41 | | -> [!NOTE] |
42 | | -> Quick Create, Quick View, and Card forms can't be assigned to security roles. |
43 | | - |
44 | | - Within the form editor or from the forms grid you can assign security roles to a main form. However, if there is only one form for the entity, you will not be able to clear the **Enabled for fallback** option in the **Assign Security Roles** dialog box. In this case, even though you have assigned security roles to the form, anyone associated with a security role you did not include will still be able to view the form because it is enabled for fallback. |
45 | | - |
46 | | - After you create a second main form for the entity, you will be able to clear the **Enabled for fallback** option for one of them. The system will always make sure that at least one form is enabled for fallback. |
47 | | - |
48 | | - When you have more than one main form, you can specify a form order that will control which of the forms a person is allowed to see will be the one they see by default. If there is more than one form they can use, they can change forms and the form they choose will be their default form until they choose a different one. This preference is stored in their browser. If they use a different computer or browser they will see the original default form. |
49 | | - |
50 | | -## Strategies to manage the fallback form |
51 | | - Strategies to manage the fallback form include the following: |
52 | | - |
53 | | -<a name="BKMK_DoNotUseMultipleForms"></a> |
54 | | -### All users view the same form |
55 | | - If you do not require multiple forms for an entity you do not need a fallback form. |
56 | | - |
57 | | -<a name="BKMK_Contingecyform"></a> |
58 | | -### Create a contingency form |
59 | | - If you are using role-based forms because you want to restrict the information people might view or edit, consider creating a form that has a minimum of information displayed. Then, in the **Assign Security Roles** dialog box, select **Display only to these selected security roles**, but do not select any roles except System Administrator, and select **Enabled for fallback**. The result is that this form will never be seen by anyone except the System Administrator and anyone whose security roles have not been associated with a specific form. You could include a HTML web resource in the form with information about why little information is visible in the form and a link to information about how to request being added to a security role that is associated with a from or to include a new security role for a form. |
60 | | - |
61 | | -> [!NOTE] |
62 | | -> You can’t include a web resource in a form header or footer. |
63 | | - |
64 | | -<a name="BKMK_CreateGenericForm"></a> |
65 | | -## Create a generic form |
66 | | - If you use role-based forms to provide a customized experience based on a user’s role, you can set your least specialized form as the fallback form and configure it to display for everyone. Then, create customized forms for specific security roles and configure those forms to only display for security roles that require them. Do not enable these forms for fallback. Finally, in the **Forms** list use the **Form Order** dialog to specify which forms to display ranking them from most exclusive to least exclusive. Your fallback form will be at the bottom of the list. This strategy will cause people seeing the form that has been customized for their role as the default form, yet they can still use the form selector to select the most common form if they want. Whatever form they select will remain their default form until they select a different form. |
67 | | - |
68 | | -<a name="BKMK_UseFormScripting"></a> |
69 | | -## Use form scripting |
70 | | -The Client API form context (formContext) provides a reference to the form or to an item on the form, such as, a quick view control or a row in an editable grid, against which the current code is executed. More information: [Client API form context](/dynamics365/customer-engagement/developer/clientapi/clientapi-form-context) |
71 | | - |
72 | | -> [!IMPORTANT] |
73 | | -> The Xrm.Page object is [deprecated](/dynamics365/get-started/whats-new/customer-engagement/important-changes-coming#some-client-apis-are-deprecated), and you should use the [getFormContext](/powerapps/developer/model-driven-apps/clientapi/reference/executioncontext/getformcontext) method of the passed in execution context object to return reference to the appropriate form or an item on the form. |
74 | | -<!-- |
75 | | - Finally, in the web application it is possible, but not recommended, for a developer to use scripts in the form Onload event to use the [Xrm.Page.ui.formSelector.items collection](https://go.microsoft.com/fwlink/p/?LinkID=513300) to query available forms and use the navigate method to direct users to a specific form. Remember that the [navigate method](https://go.microsoft.com/fwlink/p/?LinkID=513301) will cause the form to load again (and the Onload event to occur again). Your logic in the event handler should always check some condition before you use the navigate method to avoid an endless loop or unnecessarily restrict users options to navigate between forms. |
76 | | - |
77 | | - This approach will not work for Dynamics 365 for tablets because multiple forms are not available for selection. --> |
78 | | - |
79 | | -### See also |
80 | | - |
81 | | -[Assign security roles to forms](https://docs.microsoft.com/dynamics365/customer-engagement/admin/assign-security-roles-form) |
| 1 | +--- |
| 2 | +title: "Control access to model-driven app forms in Power Apps | MicrosoftDocs" |
| 3 | +description: "Learn how to control access to main forms" |
| 4 | +ms.custom: "" |
| 5 | +ms.date: 06/25/2020 |
| 6 | +ms.reviewer: "" |
| 7 | +ms.service: powerapps |
| 8 | +ms.suite: "" |
| 9 | +ms.tgt_pltfrm: "" |
| 10 | +ms.topic: "article" |
| 11 | +author: "Mattp123" |
| 12 | +ms.assetid: 15d123e0-b604-45dd-ab34-0b37787a04bb |
| 13 | +caps.latest.revision: 33 |
| 14 | +ms.author: "matp" |
| 15 | +manager: "kvivek" |
| 16 | +tags: |
| 17 | +search.audienceType: |
| 18 | + - maker |
| 19 | +search.app: |
| 20 | + - PowerApps |
| 21 | + - D365CE |
| 22 | +--- |
| 23 | +# Manage model-driven app forms settings |
| 24 | + |
| 25 | +Power Apps forms settings are a set of capabilities that make it easy for model-driven app makers to configure how users will access forms in a solution or application. From **Form settings**, there are three different areas a maker can choose from: |
| 26 | +- [Set security roles for a form](#set-security-roles-for-a-form). |
| 27 | +- [Set the form order](#set-the-form-order). |
| 28 | +- [Set the fallback form for an entity](#set-the-fallback-form-for-an-entity). |
| 29 | + |
| 30 | +You can access form settings from the **Forms** tab in Power Apps or command bar in the form designer. |
| 31 | + |
| 32 | +## Set security roles for a form |
| 33 | + |
| 34 | + Different people in your organization may interact with the same data in different ways. Managers may depend on being able to quickly scan information in a record and service people may require a form that streamlines data entry. You can accommodate different requirements by assigning forms to the security roles that different groups of people belong to. |
| 35 | + |
| 36 | + When you have more than one main or other form type defined for an entity, you can select which forms users will be able to use based on their security roles. Because each entity must be able to display a form for any user, at least one form must be designated as a ”fallback” form – a form visible to users whose security roles do not have any forms explicitly assigned to them. |
| 37 | + |
| 38 | +> [!NOTE] |
| 39 | +> - Quick Create, Quick View, and Card forms can't be assigned to security roles. |
| 40 | +> - Another option makers have to control form access is to make a main form inactive. You can set an active or inactive state to main forms. This feature was included primarily to manage new forms included when Common Data Service environments upgrade but you can use it to prevent users from being able to use any main form. |
| 41 | + |
| 42 | +### Assign a security role to a form |
| 43 | +1. Sign into Power Apps, select **Solutions**, open the solution you want, select an entity, and then select the **Forms** tab. |
| 44 | +2. Next to the main form you want to configure the security roles for a form, select **...,** and then select **Form settings**. |
| 45 | +3. In the left navigation on the **Form settings** page, select **Security role**. |
| 46 | +4. Choose from the following options: |
| 47 | + - To set the security roles for every user select **Everyone**. |
| 48 | + - To set the access to the form for one or more specific security roles, select **Specific security roles**. Then, select the security roles you want to grant access from the list of security roles that have been set up for your environment. |
| 49 | + > [!div class="mx-imgBorder"] |
| 50 | + >  |
| 51 | +5. Select **Save and Publish**. |
| 52 | + |
| 53 | +## Set the form order |
| 54 | +When you have multiple main, quick create, quick view, or card forms for an entity, you can assign a form order. The form order determines which of the available forms will be shown by default. The available main forms can be further controlled by assigning security roles to the form. |
| 55 | + |
| 56 | +Notice that the form order does not set who can see the form, that is managed by setting security roles. More information: [Set security roles for a form](#set-security-roles-for-a-form) |
| 57 | + |
| 58 | +1. Sign into Power Apps, select **Solutions**, open the solution you want, select an entity, and then select the **Forms** tab. |
| 59 | +2. Next to the main form you want to configure the fallback form for, select **...**, and then select **Form settings**. |
| 60 | +3. In the left navigation on the **Form settings** page, select **Form order**. |
| 61 | +4. Select the form set that you want, such as **Main Form**, **Quick Create Form**, **Quick View Form** or **Card Form**. |
| 62 | +5. Change the order by dragging and dropping the form up and down the list in the order you want it to be shown to your users. You can also use these keyboard shortcuts: Tab/Tab + Shift to move the focus, Space to select or release a form, and Down/Up arrow keys to move a form. Select **Save and publish**. |
| 63 | +  |
| 64 | +To set the form order using solution explorer, see [Assign model-driven app form order](assign-form-order.md). |
| 65 | + |
| 66 | +## Set the fallback form for an entity |
| 67 | +Setting the fallback form for an entity is important to ensure that if a user does not have any assigned security roles or there are no assigned security roles for a main form type there is always a “default” form that will show for that entity. Fallback forms are only available with main forms and don't apply to quick create, quick view, and card forms. |
| 68 | + |
| 69 | +There are a few different strategies to consider when you manage the fallback form for an entity. |
| 70 | + |
| 71 | +### All users view the same form |
| 72 | +If you do not require multiple forms for an entity you do not need a fallback form. |
| 73 | + |
| 74 | +### Create a contingency form |
| 75 | +If you are using role-based forms because you want to restrict the information people might view or edit, consider creating a form that has a minimum of information displayed. Then, select specific security roles, but do not select any roles except System Administrator. The result is that this form will never be seen by anyone except the System Administrator and anyone whose security roles have not been associated with a specific form. You could include a HTML web resource in the form with information about why little information is visible in the form and a link to information about how to request being added to a security role that is associated with a from or to include a new security role for a form. |
| 76 | + |
| 77 | +### Create a generic form |
| 78 | + If you use role-based forms to provide a customized experience based on a user’s role, you can set your least specialized form as the fallback form and configure it to display for everyone. Then, create customized forms for specific security roles and configure those forms to only display for security roles that require them. Do not enable these forms for fallback. Finally, in the **Form settings** configure the **Form order** to specify which forms to display ranking them from most exclusive to least exclusive. Your fallback form will be at the bottom of the list. This strategy will cause people seeing the form that has been customized for their role as the default form, yet they can still use the form selector to select the most common form if they want. Whatever form they select will remain their default form until they select a different form. |
| 79 | + |
| 80 | +### Set the fallback form for an entity |
| 81 | + |
| 82 | +1. Sign into Power Apps, select **Solutions**, open the solution you want, select an entity, and then select the **Forms** tab. |
| 83 | +2. Next to the main form you want to configure the fallback form for, select **...**, and then select **Form settings**. |
| 84 | +3. In the left navigation on the **Form settings** page, select **Fallback forms**. |
| 85 | +4. To disable a form from the fallback order, clear the checkbox. In this example the **Information** form will be removed from the fallback order. |
| 86 | + > [!div class="mx-imgBorder"] |
| 87 | + >  |
| 88 | + To enable a form for fallback select the checkbox next to the form to enable it. |
| 89 | +5. Select **Save and publish**. |
| 90 | + |
| 91 | +## Use form scripting |
| 92 | +The Client API form context (formContext) provides a reference to the form or to an item on the form, such as, a quick view control or a row in an editable grid, against which the current code is executed. More information: [Client API form context](/dynamics365/customer-engagement/developer/clientapi/clientapi-form-context) |
| 93 | + |
| 94 | +> [!IMPORTANT] |
| 95 | +> The Xrm.Page object is [deprecated](/dynamics365/get-started/whats-new/customer-engagement/important-changes-coming#some-client-apis-are-deprecated), and you should use the [getFormContext](/powerapps/developer/model-driven-apps/clientapi/reference/executioncontext/getformcontext) method of the passed in execution context object to return reference to the appropriate form or an item on the form. |
| 96 | +
|
| 97 | +### See also |
| 98 | + |
| 99 | +[Overview of the model-driven form designer](form-designer-overview.md) |
0 commit comments