# Applications

The "Application Security" allows administrators (OE\_ADMIN and "ovaledge.role.admin") to define granular access controls within the application. It ensures:

* **Least Privilege:** Users only access authorized modules and features based on their roles.
* **Reduced Risk:** Limits exposure of sensitive information to unauthorized users.

**Customization Examples:**

* Restrict access to specific Data Catalog tabs (e.g., Reports, Report Columns) for users like Business Intelligence analysts who don't require features like APIs or Databases.
* Hide unnecessary sub-modules or functionalities based on user roles and needs. For example, Business users will have limited access to modules and what they can do.

  <figure><img src="https://content.gitbook.com/content/hTnkoJQml0pok9awFDhx/blobs/BOCLNWq7YgXTB70O3mfg/image.png" alt=""><figcaption></figcaption></figure>

OvalEdge's Application Security allows administrators (OE\_ADMIN and "ovaledge.role.admin") to implement two methods for granular access control:

* **License-Based Permissions (Broad Control):**
  * Configure default access for "Viewer" license holders (e.g., restrict or allow access to specific tabs or modules for all viewers).
  * Ideal for controlling access to entire modules or sections based on license type.
* **Role-Based Permissions (Precise Control):**
  * Define authorized roles for specific tabs or modules.
  * Grant or revoke access to specific functionalities based on user roles.
  * Perfect for tailoring access to individual user needs within a role.

**Example:**

A Business Intelligence analyst primarily uses the "Reports" tab in the Data Catalog. By leveraging role-based permissions, users can hide the "Tables" tab, preventing unnecessary confusion for this user and similar profiles.

OE\_ADMIN ("ovaledge.role.admin") Privileges:

* Manage Role-Based Access (add/remove)
* Control Viewer Access (turn on/off)
* Reset Application Security Permissions (restore defaults)

## Bulk Update

Administrators can assign or revoke access to multiple modules or submodules for multiple roles simultaneously. This enhancement reduces manual effort and improves administrative efficiency.

**To perform a bulk update:**

* Select the required Application Names.
* Click the 9-dot menu and choose one of the following options:
  * **Update Authorized Roles:**\
    Assign access permissions to one or more roles at once. This option ensures consistent access control across multiple modules or submodules.
  * **Remove Authorized Roles:**\
    Revoke access from one or more roles in bulk. This option helps eliminate outdated or unnecessary permissions efficiently.