App Studio
App-Level Access
The app-level access gate is the first security check — before any page loads. It defines which tenant roles are allowed to open the app at all. Users who don't qualify receive a 403 and see no app UI.
App Access Config
App access is configured in the App Settings panel under the Security tab. The key field is allowedRoles:
```jsonc
// App config (in App Studio settings)
{
  "appId": "crm",
  "name": "CRM Application",
  "tenantId": "acme",
  "access": {
    // Empty array [] means open to all authenticated users in the tenant
    // Non-empty array means ONLY users with at least one matching role
    "allowedRoles": ["admin", "sales", "sales-manager"]
  }
}
```
Open vs. Restricted Access
| Mode | Config | Who can open the app |
|---|---|---|
| Open (tenant-wide) | "allowedRoles": [] | Any authenticated user belonging to the tenant |
| Restricted | "allowedRoles": ["admin", "sales"] | Only users with the "admin" OR "sales" role |
| Single role | "allowedRoles": ["admin"] | Only admin-role users |
Role match is OR, not AND
A user needs at least ONE of the listed roles, not all of them. If you need a user to hold multiple roles to gain access, use a custom visibilityExpression at the page or widget level. allowedRoles alone cannot express an AND condition: a user holding any one of the listed roles still passes the app-level gate and reaches the page and widget visibility checks.
What Happens on Access Denied
When a user navigates to an app URL and fails the access check:
- The backend returns HTTP 403
- The App Studio shell renders a "You don't have access to this application" screen
- No app data, pages, or widgets are loaded
- The user is not shown which roles would grant access
Configuring App Access in App Studio Designer
1. Open the app in App Studio Designer.
2. Click the App Settings icon in the top toolbar (gear icon).
3. Navigate to the Security tab.
4. Under Allowed Roles, add or remove role names. Leave the list empty for open access. Note that removing the last remaining role switches the app from restricted to open for every authenticated user in the tenant, so check the list before saving.
5. Click Save. The change takes effect immediately (no republish needed for access settings).
App Access vs. Authentication
App access control assumes the user is already authenticated. The authentication check (is this user logged in?) happens at the platform level before App Studio is involved. App Studio only checks roles — it does not handle login or session management.
```text
// The check sequence for every app load:
1. Is the user authenticated? (Platform / Passport — NOT App Studio)
   No  → redirect to login
   Yes → continue
2. Does the user belong to the correct tenant? (Platform — NOT App Studio)
   No  → 403
   Yes → continue
3. Does the user have a required app role? (App Studio — allowedRoles check)
   No  → App Studio 403 screen
   Yes → app loads, page visibility and widget visibility checks follow
```
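The check sequence above, together with the OR semantics and the empty-array rule from the Open vs. Restricted Access table, as an added reference implementation in JavaScript. This is example code written for this page, not App Studio's or the platform's own code. The config object mirrors the page's allowedRoles example; the session shape (authenticated, tenantId, roles), the function names, the outcome values, and the decision to fail closed when allowedRoles is missing or not an array are assumptions.

```javascript
// Added example, not App Studio's own code: the three-step app-load check
// with allowedRoles evaluated as OR. Session shape, function names and
// outcome values are assumptions made for this example.

// Mirrors the config shown on this page.
const APP_CONFIG = {
  appId: "crm",
  name: "CRM Application",
  tenantId: "acme",
  access: { allowedRoles: ["admin", "sales", "sales-manager"] },
};

// Step 3 only: does the user hold at least ONE of allowedRoles?
// [] means open to every authenticated tenant user. The page defines only
// [] and non-empty arrays; a missing or non-array value is treated here as
// a config error and denied (fail closed), which is an assumption.
function roleCheck(allowedRoles, userRoles) {
  if (!Array.isArray(allowedRoles)) return false;
  if (allowedRoles.length === 0) return true;
  const held = new Set(userRoles || []);
  return allowedRoles.some((role) => held.has(role));
}

// Full sequence. Steps 1 and 2 are platform checks that run before
// App Studio is involved; only step 3 is App Studio's allowedRoles check.
function checkAppAccess(appConfig, session) {
  if (!session || session.authenticated !== true) {
    return { step: "authentication", outcome: "redirect_to_login" };
  }
  if (session.tenantId !== appConfig.tenantId) {
    return { step: "tenant", outcome: "deny", status: 403 };
  }
  const allowed = appConfig.access && appConfig.access.allowedRoles;
  if (!roleCheck(allowed, session.roles)) {
    return { step: "role", outcome: "deny", status: 403 };
  }
  return { step: "role", outcome: "allow", status: 200 };
}

// What the shell renders on a role denial: a fixed message that never
// reveals which roles would have granted access.
function deniedScreen() {
  return "You don't have access to this application";
}

// Constructed sessions for a stand-alone run (not real data).
const SAMPLE_SESSIONS = {
  anonymous: null,
  wrongTenant: { authenticated: true, tenantId: "globex", roles: ["admin"] },
  noMatchingRole: { authenticated: true, tenantId: "acme", roles: ["support"] },
  salesOnly: { authenticated: true, tenantId: "acme", roles: ["sales"] },
};

for (const [name, session] of Object.entries(SAMPLE_SESSIONS)) {
  const result = checkAppAccess(APP_CONFIG, session);
  const note = result.step === "role" && result.outcome === "deny" ? deniedScreen() : "";
  console.log(name, JSON.stringify(result), note);
}
```

The only decision App Studio owns is roleCheck; the other two branches exist here to show where a 403 can originate without allowedRoles ever being consulted, which matters when triaging a reported access denial. Treating an absent allowedRoles as a denial rather than as open access is a deliberate fail-closed choice for this example, since the page only specifies the meaning of [] and of a non-empty list.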