Skip to content

Permissions

Attach user roles to configurations. Access is granted only to security roles listed in the roles Property.

    {
      "name": "locations",
      ...
      "roles": ["MAXEVERYONE"],
      ...
    }

You can bypass authorization by special role "SKIP-AUTHORIZATION".

Trees can be set to non-editable via rolesReadonly. For this feature, the insight-userprofile.json must contain an attribute with "roles" label. The node of the attribute must list all roles of the user. Examples below:

!!! rolesReadonly is currently only a client feature and there is no server side check yet. !!!

    {
      "roles": ["planner", "viewer"],
      "rolesReadonly": ["viewer"],
    }

User has: "viewer" -> Readonly = true

    {
      "roles": ["planner", "viewer"],
      "rolesReadonly": ["viewer"],
    }

User has: "worker", "viewer" -> Readonly = true

    {
      "roles": ["planner", "viewer"],
      "rolesReadonly": ["viewer"],
    }

User has: "planner" -> Readonly = false

    {
    "roles": ["planner", "viewer"],
    "rolesReadonly": ["viewer"],
    }

User has: "planner", "viewer" -> Readonly = false

Example: insight-userprofile.json

    ...
    "children": [
      {
        "name": "roles",
        "title": "Roles",
        "label": "${name}",
        "type": "USER_ROLE",
        "query": {
          "constraint": "user = ${login}"
        },
        "attributes": [
          {
            "name": "name",
            "label": "roles",
            "readonly": true
          }
        ]
      }
    ]