Skip to content

Permissions

Attach user roles to configurations. Access is granted only to security roles listed in the roles Property.

{
    "name": "locations",
    "roles": ["MAXEVERYONE"],
}

You can bypass authorization by special role SKIP-AUTHORIZATION.

Trees can be set to non-editable via rolesReadonly. For this feature, the insight-userprofile.json must contain an attribute with "roles" label. The node of the attribute must list all roles of the user. Examples below:

!!! rolesReadonly is currently only a client feature and there is no server side check yet. !!!

{
    "roles": ["planner", "viewer"],
    "rolesReadonly": ["viewer"],
}

User has: viewer -> Readonly = true

{
    "roles": ["planner", "viewer"],
    "rolesReadonly": ["viewer"],
}

User has: worker, viewer -> Readonly = true

        {
          "roles": ["planner", "viewer"],
          "rolesReadonly": ["viewer"],
        }

User has: planner -> Readonly = false

{
    "roles": ["planner", "viewer"],
    "rolesReadonly": ["viewer"],
}

User has: planner, viewer -> Readonly = false

Example: insight-userprofile.json

"children": [
    {
        "name": "roles",
        "title": "Roles",
        "label": "${name}",
        "type": "USER_ROLE",
        "query": {
            "constraint": "user = ${login}"
        },
        "attributes": [
            {
                "name": "name",
                "label": "roles",
                "readonly": true
            }
        ]
    }
]