Security rules example: Creating QMC organizational admin roles

In this example, you organize the administration of access rights for your departments by doing the following:

  • Creating an administrator for each department
  • Providing each administrator with full access rights to content created by users belonging to that department

To create the organizational admin roles, you create new security rules and use custom properties to connect the roles to the apps.

Security rules

| Security rule | The result of the rule |
| --- | --- |
| DepartmentAdminQmcSections | Controls which sections in the QMC are visible to the administrator. |
| DepartmentAdminApp | Controls which resources the administrator is authorized to manage. |

Procedure

  1. Create a new custom property:
    1. Name the property Department.
    2. Under Resource types, select Apps, Reload tasks, and Users.
    3. Click Create new and enter the value Finance.
    4. Click outside the Values area.
    5. Click Create new and enter the value Sales.
    6. Click Apply.
  2. Create the new security rules (DepartmentAdminQmcSections and DepartmentAdminApp):

    1. Select Security rules and click Create new.
    2. In the Advanced and Basic sections, fill in the fields Resource filter, Conditions, Actions and Context as per Security rule code.
  3. Apply the role to the admin users for the departments (repeat this step for all the administrators you want to add): 

    1. Select Users, select a user and click Edit.

    2. Click Create new under Admin roles and select DepartmentAdmin.
    3. Under Custom properties, select a value (Sales or Finance) for your custom property Department.
    4. Click Apply.

  4. Select the apps that the organizational admin user should be able to administer:

    1. Go to the QMC start page > Apps, select apps and click Edit.
    2. Select a value (Sales or Finance) for your custom property Department.
    3. Click Apply.

You have now created and assigned the organizational admin role.

Security rule code

The following is the security rule code for this example, with explanatory comments:

Security rule code for "DepartmentAdminQmcSections"

Security rule code information for DepartmentAdminQmcSections
| Field | Code | Comments |
| --- | --- | --- |
| Resource filter | QmcSection_Stream,QmcSection_App,QmcSection_App.Sheet, QmcSection_App.Story,QmcSection_Tag, QmcSection_Task, QmcSection_ReloadTask, QmcSection_Event, QmcSection_SchemaEvent, QmcSection_CompositeEvent | Specifically filters on streams, apps, sheets, stories, tags, tasks, and triggers. |
| Conditions | user.roles = "DepartmentAdmin" | The rule will apply to all users that have the user role set to DepartmentAdmin. |
| Actions | read | Read action will be granted provided that the conditions are met. |
| Context | Only in QMC | The rule is only valid when you use the QMC. |

Security rule code for "DepartmentAdminApp"

Security rule code information for DepartmentAdminApp
| Field | Code | Comments |
| --- | --- | --- |
| Resource filter | App*,ReloadTask_*,SchemaEvent_*,Tag_*,CompositeEvent_* | Specifically filters on apps, sheets, stories, tasks, tags and triggers. |
| Conditions | user.roles="DepartmentAdmin" and resource.@Department=user.@Department and (resource.resourcetype="App" or (resource.resourcetype="ReloadTask" or resource.resourcetype="App.Object") or resource.resourcetype="SchemaEvent" or resource.resourcetype="CompositeEvent" or resource.resourcetype="Tag") | The rule applies to users that have the user role set to DepartmentAdmin, and only to resources of the listed types whose Department custom property matches the user's. |
| Actions | create, read, update, delete, publish | The actions will be granted provided that the conditions are met. |
| Context | Only in QMC | The rule is only valid when you use the QMC. |
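
The DepartmentAdminApp rule above, modelled in Python so the allow and deny decisions you expect can be checked before relying on the role. This is an added example, not Qlik's rule engine and not code from this page. The dictionary layout, the placeholder resource ids, the "Hub" context label, and the treatment of custom properties as value sets (where an unset property never matches) are assumptions of the model.

```python
from fnmatch import fnmatchcase

# Values copied from the DepartmentAdminApp rule on this page.
RESOURCE_FILTER = "App*,ReloadTask_*,SchemaEvent_*,Tag_*,CompositeEvent_*"
RESOURCE_TYPES = {"App", "ReloadTask", "App.Object", "SchemaEvent", "CompositeEvent", "Tag"}
ACTIONS = {"create", "read", "update", "delete", "publish"}

def filter_matches(resource_id):
    """True if the id matches any comma-separated wildcard in the resource filter."""
    return any(fnmatchcase(resource_id, p.strip()) for p in RESOURCE_FILTER.split(","))

def allows(user, resource, action, context="QMC"):
    """Model of the rule: context and action, resource filter, then the conditions."""
    if context != "QMC" or action not in ACTIONS:
        return False
    if not filter_matches(resource["id"]):
        return False
    if "DepartmentAdmin" not in user["roles"]:
        return False
    # Assumption: a custom property may hold several values and "=" holds when
    # both sides share one; an unset property (empty set) never matches.
    if not (user["Department"] & resource["Department"]):
        return False
    return resource["type"] in RESOURCE_TYPES

# Constructed users and resources; the ids are placeholders, not real GUIDs.
finance_admin = {"roles": {"DepartmentAdmin"}, "Department": {"Finance"}}
untagged_admin = {"roles": {"DepartmentAdmin"}, "Department": set()}
finance_user = {"roles": set(), "Department": {"Finance"}}
finance_app = {"id": "App_0001", "type": "App", "Department": {"Finance"}}
sales_app = {"id": "App_0002", "type": "App", "Department": {"Sales"}}
untagged_app = {"id": "App_0003", "type": "App", "Department": set()}

def audit():
    """Decisions to confirm in a test environment after assigning the role."""
    return {
        "Finance admin updates Finance app": allows(finance_admin, finance_app, "update"),
        "Finance admin reads Sales app": allows(finance_admin, sales_app, "read"),
        "Finance admin deletes untagged app": allows(finance_admin, untagged_app, "delete"),
        "untagged admin reads untagged app": allows(untagged_admin, untagged_app, "read"),
        "Finance user without role reads Finance app": allows(finance_user, finance_app, "read"),
        "Finance admin updates Finance app outside QMC": allows(finance_admin, finance_app, "update", context="Hub"),
    }

if __name__ == "__main__":
    for case, allowed in audit().items():
        print(f"{'ALLOW' if allowed else 'DENY ':5}  {case}")
```

Only the first case should be allowed; the others are the cross-department, untagged, missing-role and wrong-context checks worth repeating against a real deployment with test accounts.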