Multiple permissions for complex user events
When you work with complex user events, you usually need more than one rule to account for all requirements. The following permission examples involve two or more rules, addressing different resource types, conditions, and actions. In the tables, each task is presented together with the required actions.
Import, Start user sync task, Start reload task
Task | App | Data Connection | UserSyncTask | ReloadTask | UserDirectory |
---|---|---|---|---|---|
Import | Create and Update | Create (if there is a new data connection in the imported app) | | | |
Start UserSyncTask | | | Read | | Update |
Start ReloadTask | Update | | | Read | |
Duplicate, Publish, Publish and replace
Task | App | Stream | App.Object |
---|---|---|---|
Duplicate | Read and Duplicate | | Read (Otherwise, the app will be duplicated, but only app objects that the user has read access on will be included in duplicated app.) |
Publish | Read and Publish | Read and Publish | Read (Otherwise, the app will be published but only app objects that the user has read access on will be published.) |
Publish and replace | Read, Update, and Publish | Read and Publish | Read and Update |
Task details
Import
Description
To be able to import an app that contains new data connections, you need Create permission on the resource type DataConnection and Create and Update permissions on the resource type App.
Rule 1
Resource filter = App_*
Conditions = (Condition to select users allowed to import apps.)
Actions = Create, Update
Rule 2
Resource filter = DataConnection_*
Conditions = (Condition to select users allowed to import apps.)
Actions = Create
Start UserSyncTasks
Description
To be able to run a user sync task, you need to have Create permission on the resource type UserSyncTask and Update permission on the resource type UserDirectory.
Rule 1
Resource filter = UserSyncTask_*
Conditions = (Condition to select users and/or user sync tasks allowed to be run.)
Actions = Read
Rule 2
Resource filter = UserDirectory_*
Conditions = (Condition to select users and/or user directories allowed to be updated.)
Actions = Update
Start ReloadTasks
Description
To be able to run a reload task, you need to have Read permission on the resource type ReloadTask and Update permission on the resource type App.
Rule 1
Resource filter = App_*
Conditions = (Condition to select users and/or apps allowed to be reloaded.)
Actions = Update
Rule 2
Resource filter = ReloadTask_*
Conditions = (Condition to select users and/or reload tasks allowed to be run.)
Actions = Read
Duplicate
Description
To be able to duplicate an app, you need to have Read permissions on the resource types App and App.Objects (the objects that are to be part of the duplicated app) and permission to Duplicate an app.
Rule 1
Resource filter = App_*
Conditions = (Condition to select users allowed to duplicate apps.)
Actions = Create and Read
Rule 2
Resource filter = App.Object_*
Conditions = (Condition to select users and/or apps allowed to be duplicated.)
Actions = Read
Publish
Description
To be able to publish an app, you need Read and Publish permissions on the app, Read and Publish permissions on the resource type Stream, and Read permission on the resource type App.Objects (the objects that will be included in the published app).
Rule 1
Resource filter = App_*, Stream_*
Conditions = (Condition to select users allowed to publish apps to the stream.)
Actions = Read, Publish
Rule 2
Resource filter = App.Object_*
Conditions = (Condition to select users and/or App.Objects that will be included in the published app.)
Actions = Read
Publish and replace app
Description
To be able to publish and replace an app, you need Read, Update, and Publish permissions on the resource type App, Read and Publish permissions on the resource type Stream, and Read and Update permissions on the resource type App.Objects (the objects that will be included in the published app).
Rule 1
Resource filter = App_*
Conditions = (Condition to select users allowed to publish and replace the app.)
Actions = Read, Publish, Update
Rule 2
Resource filter = Stream_*
Conditions = (Condition to select users and/or streams allowed to publish to.)
Actions = Read, Publish
Rule 3
Resource filter = App.Object_*
Conditions = (Condition to select users and/or App.Objects that will be in the published app.)
Actions = Read, Update
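The following is an added example, not code from the product or from this page: a small audit helper that reports which actions a set of rules still lacks for one of the tasks above. The required actions are taken from the two tables. The rule dictionaries, the function names, and the glob-style matching of resource filters are assumptions made for illustration, and rule conditions are assumed to have already evaluated to true for the user being checked.

```python
from fnmatch import fnmatchcase

# Required (resource type, action) pairs per task, taken from the two tables above.
# Import lists DataConnection Create, which the page requires only when the
# imported app contains a new data connection.
REQUIRED = {
    "Import": {("App", "Create"), ("App", "Update"), ("DataConnection", "Create")},
    "Start UserSyncTask": {("UserSyncTask", "Read"), ("UserDirectory", "Update")},
    "Start ReloadTask": {("App", "Update"), ("ReloadTask", "Read")},
    "Duplicate": {("App", "Read"), ("App", "Duplicate"), ("App.Object", "Read")},
    "Publish": {("App", "Read"), ("App", "Publish"), ("Stream", "Read"),
                ("Stream", "Publish"), ("App.Object", "Read")},
    "Publish and replace": {("App", "Read"), ("App", "Update"), ("App", "Publish"),
                            ("Stream", "Read"), ("Stream", "Publish"),
                            ("App.Object", "Read"), ("App.Object", "Update")},
}

# Constructed sample: the two Publish rules from this page, with their
# conditions assumed to be true for the user being audited.
PUBLISH_RULES = [
    {"filter": "App_*, Stream_*", "actions": ["Read", "Publish"]},
    {"filter": "App.Object_*", "actions": ["Read"]},
]


def filter_covers(resource_filter, resource_type):
    """True if any comma-separated pattern matches '<type>_<id>'."""
    sample = resource_type + "_00000000"  # constructed placeholder id
    return any(fnmatchcase(sample, p.strip()) for p in resource_filter.split(","))


def granted(rules):
    """All (resource type, action) pairs the given rules grant."""
    types = {rtype for pairs in REQUIRED.values() for rtype, _ in pairs}
    return {(t, a) for r in rules for t in types
            if filter_covers(r["filter"], t) for a in r["actions"]}


def missing_permissions(task, rules):
    """Pairs the task needs that no rule grants; an empty set means fully covered."""
    return REQUIRED[task] - granted(rules)
```

Running the check with only Rule 1 of Publish reports the missing App.Object Read, which is the case where the tables say the app is still published but with only the objects the user can read.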