Permissions¶
Attach user roles to configurations. Access is granted only to security roles listed in the roles Property.
{
"name": "locations",
...
"roles": ["MAXEVERYONE"],
...
}
You can bypass authorization by special role "SKIP-AUTHORIZATION".
Trees can be set to non-editable via rolesReadonly. For this feature, the insight-userprofile.json must contain an attribute with "roles" label. The node of the attribute must list all roles of the user. Examples below:
!!! rolesReadonly is currently only a client feature and there is no server side check yet. !!!
{
"roles": ["planner", "viewer"],
"rolesReadonly": ["viewer"],
}
User has: "viewer" -> Readonly = true
{
"roles": ["planner", "viewer"],
"rolesReadonly": ["viewer"],
}
User has: "worker", "viewer" -> Readonly = true
{
"roles": ["planner", "viewer"],
"rolesReadonly": ["viewer"],
}
User has: "planner" -> Readonly = false
{
"roles": ["planner", "viewer"],
"rolesReadonly": ["viewer"],
}
User has: "planner", "viewer" -> Readonly = false
Example: insight-userprofile.json
...
"children": [
{
"name": "roles",
"title": "Roles",
"label": "${name}",
"type": "USER_ROLE",
"query": {
"constraint": "user = ${login}"
},
"attributes": [
{
"name": "name",
"label": "roles",
"readonly": true
}
]
}
]