14 Aug 2023 12:36 PM - last edited on 14 Aug 2023 03:14 PM by Ana_Kuzmenchuk
I was trying to create a policy so that I can give a user the permission to set Key User Actions, without giving them permissions to Edit the whole application, nor giving them access to the Environment's whole Settings page (i.e., I do not want to put them in the Monitoring Admin user group).
This user just needs to be able to set a User Action as key (and remove it from key, afterwards, if needed).
I notice that something similar can be done at the Services level: one can be given the permission to Write on the "Key Requests" list, and so set requests as Key...
As sugested on the "Key Requests" settings page on a given service:
The policy should look something like:
ALLOW settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "builtin:settings.subscriptions.service"; |
Is something similar available to Key User Actions?
I know that this sort of page does not exist at the Application level, but I was wondering if the permission to set a User Action as Key (which does not require access to any settings page, just the button on the User Action page) could be granted via any existing policy?
Solved! Go to Solution.
14 Aug 2023 12:45 PM
Afaik there is no such schema you can use for key user action (at this time).
14 Aug 2023 02:35 PM
Thanks, @Julius_Loman !
I've searched and searched, so I assume that as well... I'll probably post it as a Product Idea 🙂
14 Aug 2023 02:48 PM
If there is no schema for it, then you can't use the settings API to modify it. Such schema is not listed in the docs, you can check the settings API to fetch a current schema list - maybe there is already something not yet listed in the docs.
14 Aug 2023 03:48 PM
Yep, that was what we did and found nothing to address our issue...
In the process, besides this one case, we found other interesting settings that have no schema for them... maybe we'll gather a list to post as Ideas, because such cases with the need for more granular permissions keep arising here and there: and, as you said, without schemas, there's nothing we can do about it 😞
21 Dec 2023 08:15 PM
I have documented everything that I can think of in a spreadsheet for Schema 1.0, 2.0 and no schema.
Here is link on no schema:
21 Dec 2023 09:42 PM
@Kenny_Gillette You have done a super job! It seems to be all there.
14 Aug 2023 03:16 PM
Hi @PedroDeodato Same issue here, only role to access the button is change monitoring settings at least under Management Zone permissions, not doable via policy.
15 Aug 2023 09:17 AM
Yes, I've faced the same issue but with extensions configurations