Multiple permissions for complex user events

When you work with complex user events, you usually need more than one rule to account for all requirements. The following permission examples involve two or more rules, addressing different resource types, conditions, and actions. In the tables, each task is presented together with the required actions.

Import, Start user sync task, Start reload task

Duplicate, Publish, Publish and replace

Task details

Import

Description

To be able to import an app that contains new data connections, you need Create permission on the resource type DataConnection and Create and Update permissions on the resource type App.

Rule 1

Resource filter = App_*

Conditions = (Condition to select users allowed to import apps.)

Actions = Create, Update

Rule 2

Resource filter = DataConnection_*

Conditions = (Condition to select users allowed to import apps.)

Actions = Create

Start UserSyncTasks

Description

To be able to run a user sync task, you need to have Create permission on the resource type UserSyncTask and Update permission on the resource type UserDirectory.

Rule 1

Resource filter = UserSyncTask_*

Conditions = (Condition to select users and/or user sync tasks allowed to be run.)

Actions = Read

Rule 2

Resource filter = UserDirectory_*

Conditions = (Condition to select users and/or user directories allowed to be updated.)

Actions = Update

Start ReloadTasks

Description

To be able to run a reload task, you need to have Read permission on the resource type ReloadTask and Update permission on the resource type App.

Rule 1

Resource filter = App_*

Conditions = (Condition to select users and/or apps allowed to be reloaded.)

Actions = Update

Rule 2

Resource filter = ReloadTask_*

Conditions = (Condition to select users and/or reload tasks allowed to be run.)

Actions = Read

Duplicate

Description

To be able to duplicate an app, you need to have Read permissions on the resource types App and App.Objects (the objects that are to be part of the duplicated app) and permission to Duplicate an app.

Rule 1

Resource filter = App_*

Conditions = (Condition to select users allowed to duplicate apps.)

Actions = Create and Read

Rule 2

Resource filter = App.Object_*

Conditions = (Condition to select users and/or apps allowed to be duplicated.)

Actions = Read

Publish

Description

To be able to publish an app, you need Read and Publish permissions on the app, Read and Publish permissions on the resource type Stream, and Read permission on the resource type App.Objects (the objects that will be included in the published app).

Rule 1

Resource filter = App_*, Stream_*

Conditions = (Condition to select users allowed to publish apps to the stream.)

Actions = Read, Publish

Rule 2

Resource filter = App.Object_*

Conditions = (Condition to select users and/or App.Objects that will be included in the published app.)

Actions = Read

Publish and replace app

Description

To be able to publish and replace an app, you need Read, Update, and Publish permissions on the resource type App, Read and Publish permissions on the resource type Stream, and Read and Update permissions on the resource type App.Objects (the objects that will be included in the published app).

Rule 1

Resource filter = App_*

Conditions = (Condition to select users allowed to publish and replace the app.)

Actions = Read, Publish, Update

Rule 2

Resource filter = Stream_*

Conditions = (Condition to select users and/or streams allowed to publish to.)

Actions = Read, Publish

Rule 3

Resource filter = App.Object_*

Conditions = (Condition to select users and/or App.Objects that will be in the published app.)

Actions = Read, Update