I have a setup with Basic authentication. I have created two roles for testing: HR and AP. When I set the permissions in form-builder-permissions.xml, the system successfully hides all other applications other that the one assigned. However, when accessing the form runner (localhost/orbeon/fr/), this allows the user to only modify the application pertaining to the role associated. However, it also list all other available applications. Is it possible restrict the view similar to form builder? So that when a user access form runner they can only see and modify the application that they have assigned and hide all other applications?
Yes: permissions in Form Runner, whether to see the list of forms on the
Form Runner home page (`/fr`), or to created and edit forms, are set by form
authors in Form Builder through the Permissions dialog. There you can set,
for each form, what roles can do what. You can find more about this on the
page linked below, and you'll let me know if this works for you.