Hi
I'm trying to create permissions for a custom role on shared flows and am facing an issue when verifying those roles.
My end goal is to create a custom role such that any org user who belongs to that custom role should be able to perform edit and delete only on the shared flows he/she creates. Is this possible? I see this works as expected with proxies, but not with shared flows. In the process I found an issue, which the following describes.
Here are my steps
1. Created permissions using Management API -- Here are the permissions related to shared flows on custom-role
    { "organization": "ORG_NAME", "path": "/sharedflows", "permissions": [ "put", "get" ] },
    { "organization": "ORG_NAME", "path": "/sharedflows/*", "permissions": [ "put", "get" ] },
    { "organization": "ORG_NAME", "path": "/sharedflows/*/revisions/*", "permissions": [ "delete", "put", "get" ] },
    { "organization": "ORG_NAME", "path": "/sharedflows/*/revisions/*/deploy", "permissions": [ "delete", "put", "get" ] },
    { "organization": "ORG_NAME", "path": "/environments/*/sharedflows/*/revisions/*/deployments", "permissions": [ "delete", "put", "get" ] }
2. User assigned to the newly created custom role
3. User logged in to Edge and created shared flow
4. Administrator made a management API call to see how the permissions look for newly created shared flow
{ "organization": "ORG_NAME", "path": "/sharedflows/Shared-Flow-Created-by-CustomRole/undefined", "permissions": [ "delete", "put", "get" ] },
Please note 'undefined' in the path. I'm not sure if this is a bug or if I'm doing something incorrectly. Also, please let me know if my permissions are incorrect for managing shared flows. The objective is to create a custom role such that any org user who belongs to that custom role should be able to perform edit and delete only on the shared flows he/she creates.
Thank you!
I would create a role per user and assign permissions that mix wildcards with 'user ids' (perhaps a prefix?) e.g.
{ "path" : "/sharedflows/USER_ID*", "permissions" : ["put", "get"] }
I would assume that only a role with POST permissions will create entities for the 'Specific User Role'. Once these entities are created the 'Specific User' will be able to edit these entities.
Also, the '/sharedflows/*/revisions/*/deploy' path doesn't exist in the sharedflows doc.
Could you share the management API call that you're using for step No. 4? Thanks.
{{MGMTSVR}}/v1/organizations{{ORG}}/userroles/{{ROLENAME}}/permissions
I'm testing this and will possibly use a shell script to automate this. Will update soon. Thanks Ruben!
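An added example, not part of the original thread: a small audit over a role's permission entries (in the shape returned by the permissions call above) that flags the 'undefined' path from step 4 and any shared-flow grant that is not limited to one user's prefix. The function names are hypothetical, and it assumes shared flows are named with the owner's user id as a prefix and that a "USER_ID*" wildcard is honoured, as the accepted answer proposes.

```python
WRITE_VERBS = {"put", "delete"}
UNDEFINED = "literal 'undefined' segment"
ORG_WIDE = "write access to every shared flow"
FOREIGN = "outside the user's prefix"

def per_user_permissions(org, user_id):
    """Entries scoped to shared flows whose name starts with user_id (assumed convention)."""
    base = f"/sharedflows/{user_id}*"
    return [
        {"organization": org, "path": base, "permissions": ["put", "get"]},
        {"organization": org, "path": f"{base}/revisions/*",
         "permissions": ["delete", "put", "get"]},
    ]

def audit_role(entries, user_id):
    """Return (path, finding) pairs for shared-flow entries that break per-user scoping."""
    findings = []
    for entry in entries:
        path = entry["path"]
        segments = path.strip("/").split("/")
        if "sharedflows" not in segments:
            continue
        if "undefined" in segments:
            findings.append((path, UNDEFINED))
        pos = segments.index("sharedflows") + 1
        if pos >= len(segments):
            continue  # the /sharedflows collection itself names no flow
        name = segments[pos]
        verbs = {v.lower() for v in entry["permissions"]}
        if name == "*":
            if verbs & WRITE_VERBS:
                findings.append((path, ORG_WIDE))
        elif not name.startswith(user_id):
            findings.append((path, FOREIGN))
    return findings

# Constructed sample: three of the entries quoted in the question.
ROLE_AS_POSTED = [
    {"organization": "ORG_NAME", "path": "/sharedflows/*", "permissions": ["put", "get"]},
    {"organization": "ORG_NAME",
     "path": "/environments/*/sharedflows/*/revisions/*/deployments",
     "permissions": ["delete", "put", "get"]},
    {"organization": "ORG_NAME",
     "path": "/sharedflows/Shared-Flow-Created-by-CustomRole/undefined",
     "permissions": ["delete", "put", "get"]},
]

if __name__ == "__main__":
    for path, finding in audit_role(ROLE_AS_POSTED, "alice"):
        print(f"{finding}: {path}")
```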