Security rule: Create

Note: LOCKED.
This API is extremely reliable and will not be broken unless absolutely necessary.

Method

POST

Path

/qrs/systemrule/

Description

Create and configure a custom security rule. The following example shows only a basic configuration. Properties that are not configured will be set to system defaults.

Rule properties and resource filters

There are numerous combinations and customizations of conditions that can be expressed in a security rule. The same applies to the resource filter that is used to narrow down the types of resources that the rule should be applied to. The best way to determine the proper condition and resource syntax is to configure them in the QMC and then call GET /qrs/systemrule to retrieve the applicable security rule entity.

Action properties

Every security rule is associated with one or more actions that can be performed on a resource. The following table lists the available security actions and corresponding values.

Action Value
None 0

Create 1
Read 2
Update 4
Delete 8
Export 16
Publish 32
Change owner 64
Change role 128
Export data 256

If you want to specify a combination of allowable actions for a new security rule, you need to calculate the sum of the desired action values. For example, if you want to assign create, read, and update actions to a security rule, the action value would be 7.

Context properties

The rule context determines the scope of the security rule, which can apply to the hub, QMC, or both. The following table lists the corresponding value for each context.

Context Value
Hub & QMC 0

Hub 1
QMC 2

Body

In this example, a security rule is assigned to the Stream1 Admin role, which gives users with this role the ability to perform specific actions on the stream, as well as on the apps, sheets, and stories in the stream. These specific actions include create, read, update, delete, export, publish, change owner, and export data.

{
  "category": "Security",
  "name": "Stream admin",
  "rule": "user.roles = \"Stream1Admin\" and ((resource.resourcetype=\"Stream\" and resource.name=\"Stream 1\") or (resource.resourcetype=\"App\" and resource.stream.name=\"Stream 1\") or (resource.resourcetype=\"App.Object\" and resource.objectType=\"sheet\" and resource.app.stream.name=\"Stream 1\") or (resource.resourcetype=\"App.Object\" and resource.objectType=\"story\" and resource.app.stream.name=\"Stream 1\") or (resource.resourcetype=\"ReloadTask\" and resource.app.stream.name=\"Stream 1\"))",
  "actions": 383,
  "resourceFilter": "Stream_*, App_*, App.Object_*, ReloadTask_*",
  "comment": "Admin for the Stream 1 stream should have full access rights to the stream, and apps, sheets, and stories in the stream",
  "ruleContext": 0
}
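An added example, not part of the original documentation: Python helpers that compute the actions sum from the action table and decode a value such as the 383 in this body back into action names, so a rule can be checked for actions it was not meant to grant before it is posted. The function names are hypothetical; the action and context values are the ones listed on this page.

```python
# Added example: helper names are hypothetical; values come from the tables on this page.
ACTIONS = {
    "Create": 1, "Read": 2, "Update": 4, "Delete": 8, "Export": 16,
    "Publish": 32, "Change owner": 64, "Change role": 128, "Export data": 256,
}
CONTEXTS = {"Hub & QMC": 0, "Hub": 1, "QMC": 2}
ALL_BITS = sum(ACTIONS.values())  # every defined action bit set


def encode_actions(names):
    """Sum the values of the named actions; unknown names raise KeyError."""
    value = 0
    for name in names:
        value |= ACTIONS[name]  # OR so a repeated name is not counted twice
    return value


def decode_actions(value):
    """Return the action names granted by an actions value, in table order."""
    if not isinstance(value, int) or value < 0 or value & ~ALL_BITS:
        raise ValueError(f"actions value {value!r} has bits outside the table")
    return [name for name, bit in ACTIONS.items() if value & bit]


def unintended_actions(value, intended):
    """Actions that the value grants but the rule's author did not list."""
    wanted = set(intended)
    return [name for name in decode_actions(value) if name not in wanted]


def rule_body(name, rule, resource_filter, actions, context, comment=""):
    """Build a POST /qrs/systemrule/ body with the fields used on this page."""
    return {
        "category": "Security", "name": name, "rule": rule,
        "actions": encode_actions(actions), "resourceFilter": resource_filter,
        "comment": comment, "ruleContext": CONTEXTS[context],
    }


if __name__ == "__main__":
    # The eight actions the Body description lists for the Stream1 Admin role.
    intended = ["Create", "Read", "Update", "Delete", "Export",
                "Publish", "Change owner", "Export data"]
    print(encode_actions(intended))           # value to place in "actions"
    print(decode_actions(383))                # what the example body grants
    print(unintended_actions(511, intended))  # extra action if every bit is set
```

Decoding 383 shows that the example body grants every listed action except Change role.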

Return value

{
  "id": "38a8e12a-6362-48ba-ad1d-4241f987156c",
  "createdDate": "2017-03-10T19:37:13.429Z",
  "modifiedDate": "2017-03-10T19:37:13.429Z",
  "modifiedByUserName": "INTERNAL\\sa_repository",
  "category": "Security",
  "type": "Custom",
  "name": "QMC content admin",
  "rule": "user.roles = \"Stream1Admin\" and ((resource.resourcetype=\"Stream\" and resource.name=\"Stream 1\") or (resource.resourcetype=\"App\" and resource.stream.name=\"Stream 1\") or (resource.resourcetype=\"App.Object\" and resource.objectType=\"sheet\" and resource.app.stream.name=\"Stream 1\") or (resource.resourcetype=\"App.Object\" and resource.objectType=\"story\" and resource.app.stream.name=\"Stream 1\") or (resource.resourcetype=\"ReloadTask\" and resource.app.stream.name=\"Stream 1\"))",
  "resourceFilter": "Stream_*, App_*, App.Object_*, ReloadTask_*",
  "actions": 383,
  "comment": "Admin for the Stream 1 stream should have full access rights to the stream, and apps, sheets, and stories in the stream",
  "disabled": false,
  "ruleContext": 0,
  "seedId": "00000000-0000-0000-0000-000000000000",
  "version": 0,
  "tags": [],
  "privileges": null,
  "impactSecurityAccess": false,
  "schemaPath": "SystemRule"
}

Optional parameters

-
