Guidelines for app users and user permissions
Learn about the three users that are required for uploading and running an app.
There are three users involved in uploading and running an app:
- User that uploads the app. This is often the admin, but can be any Guardium® user with the permission: Ecosystem Application Lifecycle role. This user has access to .
- User that runs the app (within Guardium). This user is specified when you upload the app in the page. This user must have permissions to the GuardAPI, and any functions required by the app. Apps should not be run with the user that uploaded the app. This is against best practice. It is highly recommended to create a user for each app, and give each app user only the minimal roles it requires. App developers are expected to document the required permissions for their published apps.
- User that views the app output under Applications
in the navigation menu. You select the security roles using the Assign Roles
button in . Users that have one (or more) of the specified security roles can view the app
output.CAUTION:An app may expose functionality or data to the app viewers, using the app permissions, that otherwise was blocked for those app viewers.