Introduction

Anonymous user access can be used in several scenarios, one of them being and embedded application running on a 3rd party public website.

Enabling Anonymous Access in System Settings of FM-Access

To change these settings and enable anonymous access, please go to

Administrative Panel → System → System Settings → Other → Anonymous Access

Open

Enabling Anon client in KeyCloak Management Console

By default KC creates for each realm HDC Anon Client - which has parameter enabled set to false.

Open

To enable it, click on HDC Anon Client  and set property Enabled to True

Data availability for Anonymous Users

For ease of management, anonymous sessions have the same privileges as a user selected in configuration.

Even though a basic privileges are the same as for this user, there are some important limitations that cannot be changed.

Anonymous user has only access to several services that allow for viewing of Documents:

• basic system configuration and parameters

• drawing structure

• macro resolver

• icons

• basic object properties (metadata)

• dynamic labels

• presentations

Anonymous access is always read-only. No changes in data are allowed regardless of security settings for selected user.

Even taking that into account, it is advised to use minimum required privileges for a user that will be used for anonymous access. 

Anonymous user should have appropriate (no) Sikkerhetsinnstillinger applied, that include specific object class access and only selected fields available ((no) Feltnivåsikkerhet (FLS)) 

Creating anonymous sessions

When this configuration is enabled, accessing a dedicated URL will create an anonymous session and allow access to application and data.

Accessing this URL will at the same time create a new session and return client application code.