Restrict Access via the Direct Edit Link System
The Direct Edit Access link is used to provide a direct link to your end users, so they can edit a single record in your database This is done through a GUID value (a guarenteed unique ID). To improve the security profile of your form, you can disable this feature if you are not using it. You can also configure this feature to be conditional based on a value in the record. This can be useful when you want to allow Direct Edit Access at a specific point in time, but revoke that right after the record is updated.
How to Disable the Direct Edit Access Feature
- Open your form in the Form Designer
- From the top menu bar, choose Settings > Security
- In the Security window, shown below, check the Disable ALL Direct Edit Access checkbox to disable all Direct Edit Access to your form.
Conditionally Disabling Direct Edit Access
Direct edit access can be useful when you want to send an end user an email with a link they can click and follow to gain access to edit a previously submitted record, or one you "started" for them on their behalf. Sending the Direct Edit Link via email is fine when the data does not contain sensitive information, but once it does, that link needs to be invalidated.
The ability to conditionally disable the Direct Edit Link provides a way to create a rule to disable access via this link based on some criteria. So, for example, once the end user had submitted sensitive details, your rule could check for that condition and disable access.
Creating a Direct Edit Access Denied Condition Rule
- Open your form in the Form Designer
- From the top menu bar, choose Settings > Security
- In the Security window, shown below, click the "Edit Rule" button and create the filter, that when matched, will result in denied access.
0 Comments