1. Home
  2. Workflow, Triggers & Security
  3. Security: Using Anonymous Access

Security: Using Anonymous Access

By default, all users who want to access any aspect of GW Apps need to have a valid login and be setup as a GW Apps user at some level. Anonymous Access is a feature that offers the ability for records to be created and edited by anonymous users via a URL link. This feature is useful for taking surveys or sharing non-sensitive information with customers, clients, etc. (It is similar to sharing access to files with people via a link in Google Drive, One Drive, box, etc.)

There are 3 main aspects to setting up anonymous access for a form in an app:

 1 Enabling anonymous access for your environment via Platform Settings
 2 Setting anonymous access for the chosen form(s)
 3 Setting anonymous user access rights to the created records. [Optional]

Details for each step are outlined below:

1.  Enabling Anonymous Access

To access the App Users screen, go to: Platform Properties > General. (To access Platform Properties, click on your avatar in the top right corner and select Platform Properties. If you do not see the option, you are not setup as a platform administrator.)

General Platform Properties
Item Description
Anonymous Access Enabling this feature will offer the ability for records to be created and edited by anonymous users via a URL link. Enabling this setting does not directly give anonymous access to anything in the application. It simply makes the anonymous feature available to application designers when they are working with forms. If it is disabled, no application in the organisation’s GW Apps domain can utilize the anonymous feature.

With it disabled, the default, only users with a valid GW Apps login and who are in a role named in the ‘Role Access’ field for a specific form will be able to create new records. Also, with it disabled, only users with a valid GW Apps login and who are in a role named in roles in the workflow of a specific form will be able to see that form’s records.

2.  Setting Anonymous Form Access

To add a new user to the application, click on the + Add User button at the top of the users list. You will then see the following dialog:

Anonymous Access Form Setting
Item Description
Anonymous Access Enabling this feature will offer the ability for records to be created and edited by anonymous users via a URL link. With it disabled, the default, only users with a valid GW Apps login and who are in a role named in the ‘Role Access’ field will be able to create new records.

Once the Anonymous Access setting has been enabled, you will see the following additional settings:

Settings Tab – Anonymous Access Details
Property Description
Who can Create New Records
Role Access Select the role or roles that are allowed to create new records with this form.
Anonymous Access Enabling this feature will offer the ability for records to be created and edited by anonymous users via a URL link. With it disabled, the default, only users with a valid GW Apps login and who are in a role named in the ‘Role Access’ field will be able to create new records.
Public URL Select the role or roles that are allowed to create new records with this form.
What to do when an anonymous users submits a record Select ‘Display Message’ to have a message displayed on screen but the user stays on that record in GW Apps. Select ‘Redirect User to New URL’ to have the user redirected to a new web page.
    Submission Message Displays if ‘Display Message’ is selected. Enter the text for the desired message.
    Redirect URL Displays if ‘Redirect User to New URL’ is selected. Enter the URL for the web page you would like users redirected to.

3.  Setting Anonymous Access Rights

Once a form has been enabled for anonymous sues, the Anonymous role become available for use in the ‘Who can Create New Records’ setting and on the ‘Security’ tab of the Form Editor. It can be used just like any other role, and will allow anonymous users to have the defined right.

Using the Anonymous Role

Be Cautious when Using Anonymous Access

As there can be no way for GW Apps to know one anonymous user from another, they are all treated the same. As an example, say you created a record and gave Anonymous permission to view and edit the record, and then sent the record link to that person. They could use that link to access and edit the record as you intended. However, if somebody else got hold of that link, they could also see and edit the record. (This is exactly the same situation as setting a file on Google Drive to ‘Anyone with the link’ – Anybody who has the link can access that file.)

Because of this, anonymous access shouldn’t be used for forms that store any kind of sensitive or proprietary information. However there are many valid use-cases that anonymous access is suited for. Just be careful not to  enable it without due consideration, and allow unwanted access to your data.

Next Steps

Below are links to articles that cover the other main areas of application security:
Security: App Designers
Security: Adding Users & Roles
Security: Managing Role Members
Below is the link to the episode of Building an Expense Reports App tutorial series that include descriptions of setting up security:
Part 6 – Expense Reports App – Security
Updated on September 30, 2019

Was this article helpful?

Related Articles