Skip to main content Skip to complementary content

Multiple permissions for complex user events

When you work with complex user events, you usually need more than one rule to account for all requirements. The following permission examples involve two or more rules, addressing different resource types, conditions, and actions. In the tables, each task is presented together with the required actions.

Import, Start user sync task, Start reload task

Import, Start user sync task, Start reload task permissions
Task App Data Connection UserSyncTask ReloadTask UserDirectory
Import Create and Update Create (if there is a new data connection in the imported app)      

Start UserSyncTask

 

    Read   Update
Start ReloadTask Update     Read  

Duplicate, Publish, Publish and replace

Duplicate, Publish, Publish and replace permissions
Task App Stream App.Object
Duplicate Read and Duplicate   Read (Otherwise, the app will be duplicated, but only app objects that the user has read access on will be included in duplicated app.)
Publish Read and Publish Read and Publish Read (Otherwise, the app will be published but only app objects that the user has read access on will be published.)
Publish and replace Read, Update, and Publish Read and Publish Read and Update

Task details

Import

Description

To be able to import an app that contains new data connections, you need Create permission on the resource type DataConnection and Create and Update permissions on the resource type App.

Rule 1

Resource filter = App_*

Conditions = (Condition to select users allowed to import apps.)

Actions = Create, Update

Rule 2

Resource filter = DataConnection_*

Conditions = (Condition to select users allowed to import apps.)

Actions = Create

Start UserSyncTasks

Description

To be able to run a user sync task, you need to have Create permission on the resource type UserSyncTask and Update permission on the resource type UserDirectory.

Rule 1

Resource filter = UserSyncTask_*

Conditions = (Condition to select users and/or user sync tasks allowed to be run.)

Actions = Read

Rule 2

Resource filter = UserDirectory_*

Conditions = (Condition to select users and/or user directories allowed to be updated.)

Actions = Update

Start ReloadTasks

Description

To be able to run a reload task, you need to have Read permission on the resource type ReloadTask and Update permission on the resource type App.

Rule 1

Resource filter = App_*

Conditions = (Condition to select users and/or apps allowed to be reloaded.)

Actions = Update

Rule 2

Resource filter = ReloadTask_*

Conditions = (Condition to select users and/or reload tasks allowed to be run.)

Actions = Read

Duplicate

Description

To be able to duplicate an app, you need to have Read permissions on the resource types App and App.Objects (the objects that are to be part of the duplicated app) and permission to Duplicate an app.

Rule 1

Resource filter = App_*

Conditions = (Condition to select users allowed to duplicate apps.)

Actions = Create and Read

Rule 2

Resource filter = App.Object_*

Conditions = (Condition to select users and/or apps allowed to be duplicated.)

Actions = Read

Publish

Description

To be able to publish an app, you need Read and Publish permissions on the app, Read and Publish permissions on the resource type Stream, and Read permission on the resource type App.Objects (the objects that will be included in the published app).

Rule 1

Resource filter = App_*, Stream_*

Conditions = (Condition to select users allowed to publish apps to the stream.)

Actions = Read, Publish

Rule 2

Resource filter = App.Object_*

Conditions = (Condition to select users and/or App.Objects that will be included in the published app.)

Actions = Read

Publish and replace app

Description

To be able to publish and replace an app, you need Read, Update, and Publish permissions on the resource type App, Read and Publish permissions on the resource type Stream, and Read and Update permissions on the resource type App.Objects (the objects that will be included in the published app).

Rule 1

Resource filter = App_*

Conditions = (Condition to select users allowed to publish and replace the app.)

Actions = Read, Publish, Update

Rule 2

Resource filter = Stream_*

Conditions = (Condition to select users and/or streams allowed to publish to.)

Actions = Read, Publish

Rule 3

Resource filter = App.Object_*

Conditions = (Condition to select users and/or App.Objects that will be in the published app.)

Actions = Read, Update

Did this page help you?

If you find any issues with this page or its content – a typo, a missing step, or a technical error – let us know how we can improve!