Microflow, Page, and Nanoflow Access

Document-level access controls which module roles can execute microflows and nanoflows or view pages. Without an explicit grant, a document is inaccessible to all roles.

Microflow Access

GRANT EXECUTE ON MICROFLOW

GRANT EXECUTE ON MICROFLOW <Module>.<Name> TO <Module>.<Role> [, ...];

Examples:

-- Single role
GRANT EXECUTE ON MICROFLOW Shop.ACT_ProcessOrder TO Shop.Admin;

-- Multiple roles
GRANT EXECUTE ON MICROFLOW Shop.ACT_ViewOrders TO Shop.User, Shop.Admin;

REVOKE EXECUTE ON MICROFLOW

REVOKE EXECUTE ON MICROFLOW <Module>.<Name> FROM <Module>.<Role> [, ...];

Example:

REVOKE EXECUTE ON MICROFLOW Shop.ACT_ProcessOrder FROM Shop.User;

Page Access

GRANT VIEW ON PAGE

GRANT VIEW ON PAGE <Module>.<Name> TO <Module>.<Role> [, ...];

Examples:

GRANT VIEW ON PAGE Shop.Order_Overview TO Shop.User, Shop.Admin;
GRANT VIEW ON PAGE Shop.Admin_Dashboard TO Shop.Admin;

REVOKE VIEW ON PAGE

REVOKE VIEW ON PAGE <Module>.<Name> FROM <Module>.<Role> [, ...];

Example:

REVOKE VIEW ON PAGE Shop.Admin_Dashboard FROM Shop.User;

Nanoflow Access

Nanoflow access uses the same syntax as microflow access:

GRANT EXECUTE ON NANOFLOW Shop.NAV_Filter TO Shop.User, Shop.Admin;
REVOKE EXECUTE ON NANOFLOW Shop.NAV_Filter FROM Shop.User;

Viewing Document Access

SHOW ACCESS ON MICROFLOW Shop.ACT_ProcessOrder;
SHOW ACCESS ON PAGE Shop.Order_Overview;

Typical Pattern

After creating documents, grant access as part of the same script:

-- Create the microflow
CREATE MICROFLOW Shop.ACT_CreateOrder
BEGIN
  DECLARE $Order Shop.Order;
  $Order = CREATE Shop.Order (Status = 'Draft');
  COMMIT $Order;
  RETURN $Order;
END;

-- Grant access
GRANT EXECUTE ON MICROFLOW Shop.ACT_CreateOrder TO Shop.User, Shop.Admin;

-- Create the page
CREATE PAGE Shop.Order_Edit (
  Params: { $Order: Shop.Order },
  Title: 'Edit Order',
  Layout: Atlas_Core.PopupLayout
) { ... }

-- Grant access
GRANT VIEW ON PAGE Shop.Order_Edit TO Shop.User, Shop.Admin;

mxcli Documentation