
Security rules example: Creating QMC organizational admin roles

In this example, you organize the administration of access rights for your departments by doing the following:

  • Creating an administrator for each department
  • Providing each administrator with full access rights to content created by users belonging to that department

To create the organizational admin roles, you need to create new security rules, and you use custom properties to connect the roles to the apps.

| Security rule | The result of the rule |
|---|---|
| DepartmentAdminQmcSections | Controls which sections of the QMC are visible to the administrator. |
| DepartmentAdminApp | Controls which resources the administrator is authorized to manage. |

Procedure

Do the following:

  1. Create a new custom property:
    1. Name the property Department.
    2. Under Resource types, select Apps, Reload tasks, and Users.
    3. Click Create new and enter the value Finance.
    4. Click outside the Values area.
    5. Click Create new and enter the value Sales.
    6. Click Apply.
  2. Create the new security rules (DepartmentAdminQmcSections and DepartmentAdminApp):
    1. Select Security rules and click Create new.
    2. In the Advanced and Basic sections, fill in the fields Resource filter, Conditions, Actions and Context as specified under Security rule code.
  3. Apply the role to the admin users for the departments (repeat this step for all the administrators you want to add):
    1. Select Users, select a user and click Edit.
    2. Click the add icon under Admin roles and select DepartmentAdmin.
    3. Under Custom properties, select a value (Sales or Finance) for your custom property Department.
    4. Click Apply.

  4. Select the apps that the organizational admin user should be able to administer:

    1. Select Apps, Ctrl+click to select more than one app and click Edit.
    2. Select a value (Sales or Finance) for your custom property Department.
    3. Click Apply.

You have now created and assigned the organizational admin role.

Security rule code

The following is the security rule code for this example, with explanatory comments:

Security rule code for "DepartmentAdminQmcSections"

| Field | Code | Comments |
|---|---|---|
| Resource filter | QmcSection_Stream,QmcSection_App,QmcSection_App.Sheet, QmcSection_App.Story,QmcSection_Tag, QmcSection_Task, QmcSection_ReloadTask, QmcSection_Event, QmcSection_SchemaEvent, QmcSection_CompositeEvent | Specifically filters on streams, apps, sheets, stories, tags, tasks, and triggers. |
| Conditions | user.roles = "DepartmentAdmin" | The rule will apply to all users that have the user role set to DepartmentAdmin. |
| Actions | read | Read action will be granted provided that the conditions are met. |
| Context | Only in QMC | The rule is only valid when you use the QMC. |

Security rule code for "DepartmentAdminApp"

| Field | Code | Comments |
|---|---|---|
| Resource filter | App*,ReloadTask_*,SchemaEvent_*,Tag_*,CompositeEvent_* | Specifically filters on apps, sheets, stories, tasks, tags and triggers. |
| Conditions | user.roles="DepartmentAdmin" and resource.@Department=user.@Department and (resource.resourcetype="App" or (resource.resourcetype="ReloadTask" or resource.resourcetype="App.Object") or resource.resourcetype="SchemaEvent" or resource.resourcetype="CompositeEvent" or resource.resourcetype="Tag") | The rule will apply to all users that have the user role set to DepartmentAdmin, for resources of the listed resource types whose Department custom property matches the user's Department value. |
| Actions | create, read, update, delete, publish | The actions will be granted provided that the conditions are met. |
| Context | Only in QMC | The rule is only valid when you use the QMC. |
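To review what the DepartmentAdminApp rule grants before assigning the role, the following added example (not Qlik code and not part of the original page) models the rule's resource filter, conditions and context in Python and evaluates it over constructed users and resources. The function names, sample ids and the comparison semantics (a custom property may hold several values, the comparison holds when any value is shared, and a missing value never matches) are assumptions of this simplified model, which considers this rule alone.

```python
from fnmatch import fnmatchcase

# Values copied from the DepartmentAdminApp rule on this page.
RESOURCE_FILTER = "App*,ReloadTask_*,SchemaEvent_*,Tag_*,CompositeEvent_*".split(",")
RESOURCE_TYPES = {"App", "ReloadTask", "App.Object", "SchemaEvent", "CompositeEvent", "Tag"}
ACTIONS = {"create", "read", "update", "delete", "publish"}

def granted_actions(user, resource, context="QMC"):
    """Return the actions this rule alone would grant (simplified model)."""
    if context != "QMC":  # Context: Only in QMC
        return set()
    if not any(fnmatchcase(resource["id"], pat) for pat in RESOURCE_FILTER):
        return set()  # resource is outside the resource filter
    if "DepartmentAdmin" not in user.get("roles", ()):
        return set()  # user.roles="DepartmentAdmin"
    if resource["type"] not in RESOURCE_TYPES:
        return set()  # resource.resourcetype=... alternatives
    # Assumption: resource.@Department=user.@Department holds when any value
    # is shared; a missing Department on either side never matches.
    shared = set(user.get("Department", ())) & set(resource.get("Department", ()))
    return set(ACTIONS) if shared else set()

# Constructed sample data (hypothetical users, ids and property values).
USERS = {
    "fin_admin": {"roles": ["DepartmentAdmin"], "Department": ["Finance"]},
    "no_dept_admin": {"roles": ["DepartmentAdmin"]},
    "fin_user": {"roles": [], "Department": ["Finance"]},
}
RESOURCES = {
    "finance_app": {"id": "App_0001", "type": "App", "Department": ["Finance"]},
    "sales_app": {"id": "App_0002", "type": "App", "Department": ["Sales"]},
    "untagged_app": {"id": "App_0003", "type": "App"},
    "finance_task": {"id": "ReloadTask_0004", "type": "ReloadTask", "Department": ["Finance"]},
    "some_stream": {"id": "Stream_0005", "type": "Stream"},
}

def access_matrix():
    """Map every (user, resource) pair to the sorted list of granted actions."""
    return {(u, r): sorted(granted_actions(USERS[u], RESOURCES[r]))
            for u in USERS for r in RESOURCES}

if __name__ == "__main__":
    for (u, r), acts in access_matrix().items():
        print(f"{u:14} {r:13} {', '.join(acts) or '-'}")
```

In this model, an administrator who has the role but no Department value, and an app that was never tagged in step 4, both end up with no grants, which is the case to check for when a department admin reports missing apps.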
