When you access a WorkflowFirst application the user is logged on using a guest account. By default the guest account is enabled, but it can be disabled forcing the user to login through a setting on the Application record.

When the user logs in, they can then only use the application according to the restrictions defined for their user.

These restrictions are defined based on the selection of something called 'roles'. Each role has one or more permissions that describe how it can access a certain area in the application.

The roles are defined when designing the application in WorkflowFirst. The users and their roles, however, are defined when using the application. That's because the roles typically are defined when you create the application, but the users and their permissions may change frequently.

Each security permission applies to a specific location in the data model, and applies one or more access restrictions.

These permissions can be hierarchical, so that they apply not just to the area where you apply it, but also every nested type below that in the data model hierarchy.

An example of the relationship between these concepts is depicted below:


Next Topic: Logging In