Hi,
How to figure out web user restriction based on application ?:
Let me explain:
Thanks for your help
Hi Babacar
Sorry for the delay in answering your question and thanks for sending it to
the forum!
CommCareHQ has a feature that allows you to set permissions for web users
to access different reports, data, user management and application building
in general. However, I believe this feature does not actually allow you to
set web user permissions for specific applications. So in your example, no,
right now we do not have the feature that allows Supervisor to see only
apps 1 and 2.
Perhaps if I'm wrong, others can jump in to confirm.
Maybe you can describe in more detail what you are trying to achieve and we
can give more advice on how you might be able to organize your apps or
users to make it possible.
Cheers,
Mohini
Hello both,
I'm wondering if this has since changed and if we would be allowed to restrict access to a particular application for specific web users. I try to set up multiple applications within a project space and there are some applications that will harbor sensitive data that should not be accessible by all web users within my project space. I would appreciate your support and guidance on this.
Cheers,
T.
The short answer is no, this hasn't changed. Web users can't be restricted access to specific applications. Mobile workers can, however, if you use those (via the "Web Apps Permissions" page on the users tab). FYI this is an area of active development, so you may see some changes here over the coming months.
You may also be interested in this feature to restrict access by location:
https://dimagi.atlassian.net/wiki/spaces/commcarepublic/pages/2143946275/Location-Based+Data+Access+and+User+Editing+Restrictions
I am curious to know if there has been any progress on this!!! Waiting for this feature to protect apps 
I have an update on this - you can now restrict access to web apps using user roles:
Web and Mobile users can be managed in the same way. You can choose to grant a role access to no apps, all apps, or a specific set of applications.
Hope this is helpful!
That's a much more intuitive way of managing this than case sharing groups
Actually Ethan, we cannot assign these roles to mobile workers. so how would that work?
@Mazz you should be able to assign any role to mobile workers except I think "Admin":
Mobile workers are auto-assigned the role "Mobile Worker Default," which is configurable like any other role, but you can also create and assign new roles. Do you not see that field on the "Edit Mobile Worker" page? I believe it should be there as long as your user has permission to assign those roles and the user you're editing is not the one you're logged in as.
Ah I see it now! Must have just missed it
This looks great! However, when I click "Limited Access," I don’t see the full list of applications created under that project. Do you have any idea why this might be happening?
are you sure they're all webapps?
Thanks Mazz. My mistake, setting them as web apps allowed them to appear in the list. However, I wanted to restrict users from editing certain apps while allowing others to be editable. Unfortunately, this isn’t possible with the current settings. By default, I can either allow users to edit/view apps or completely hide apps from them.
yeah for now at least this is a global setting. there isn't a feature to restrict app edits
