Question

Submitter rights description is vague. Questions on what rights submitters have.

Forms Version 10 Mobile

Updated January 29, 2019

asked on January 8, 2019 • Show version history

A Client made a table available for offline lookup but now the users are getting this error: "You do not have sufficient rights to view this page" when trying to update related tables from their mobile app, or when trying to save an offline copy. They have the submitter role, but if I change them to process admin there is no error. The submitter rights description does not mention either of these actions being allowed or not allowed. Is there a detailed breakdown of the security options for Forms? Are there any plans to allow further security customization in the security of Forms?

1 0

Replies

replied on January 29, 2019

What is your mobile and Forms version?

Both update related tables and save an offline copy will call two web API

1 GET /Forms/webapi/v1/form/{formId}/externaldatabases to get the offline table/view. It works for process admin. For submitter of message start step or task owner, it works only when "Allow user to save form offline in the Laserfiche app" is enabled. Otherwise will get "You do not have sufficient rights to view this page"

2 GET /Forms/api/lookup/lookup?formId={id} to get lookup rule in the process, this need process admin access right, " cause the error "You do not have sufficient rights to view this page" when current user is only submitter.

So it need process admin right to update related tables/save an offline copy

1 0

replied on January 8, 2019

I'm going to go out on a limb and say this doesn't sound like intended behavior. I'd suggest providing more detailed information about your setup. For example, are you using the LF App in the DMZ, have you tried the page from a DMZ instance of Forms, is the data source configured with a domain account or a SQL user, etc.

0 0

replied on January 9, 2019

Thanks for the response Jason. I do not believe this is a process issue. my specific request is for Laserfiche to provide a more comprehensive breakdown of what rights the three Forms security settings provide. The information on the Forms guide does not tell me if they should or should not have this feature as a submitter:

The Process Admin can modify the business process, see its results, and create reports for it. They can also reassign tasks from the results page. Additionally, process admins have the Submitter rights below.
The Business Manager can start processes; view, create, edit, and share reports; take snapshots; edit process instance names; cancel process instances; and complete and reassign tasks. Business managers cannot design processes or delete instances.
The Submitter can start processes, either by submitting a form or by starting a process manually. In the Completed Tasks section under My Tasks, submitters can also see information about processes they have participated in.

0 0

replied on January 9, 2019

Hi Drew,

Just to clarify, what I meant is that I do not believe rights are supposed to have this kind of impact. The submitter permissions listed in the documentation should be exactly as described and should not affect lookups.

0 0

replied on January 15, 2019

Can I get a response form Laserfiche on this issue? Should I open a support case?

0 0

replied on January 25, 2019

Hi Jason, Apologies for the late response. A support ticket will let someone provide more detailed insight.

0 0

You are not allowed to follow up in this post.

Question

Question

Submitter rights description is vague. Questions on what rights submitters have.

Replies

Sign in to reply to this post.