I was trying to create a policy so that I can give a user the permission to set Key User Actions, without giving them permissions to Edit the whole application, nor giving them access to the Environment's whole Settings page (i.e., I do not want to put them in the Monitoring Admin user group).
This user just needs to be able to set a User Action as key (and remove it from key, afterwards, if needed).
I notice that something similar can be done at the Services level: one can be given the permission to Write on the "Key Requests" list, and so set requests as Key...
As sugested on the "Key Requests" settings page on a given service:
The policy should look something like:
|ALLOW settings:objects:read, settings:objects:write, settings:schemas:read
WHERE settings:schemaId = "builtin:settings.subscriptions.service";
Is something similar available to Key User Actions?
I know that this sort of page does not exist at the Application level, but I was wondering if the permission to set a User Action as Key (which does not require access to any settings page, just the button on the User Action page) could be granted via any existing policy?
If there is no schema for it, then you can't use the settings API to modify it. Such schema is not listed in the docs, you can check the settings API to fetch a current schema list - maybe there is already something not yet listed in the docs.
Yep, that was what we did and found nothing to address our issue...
In the process, besides this one case, we found other interesting settings that have no schema for them... maybe we'll gather a list to post as Ideas, because such cases with the need for more granular permissions keep arising here and there: and, as you said, without schemas, there's nothing we can do about it 😞
Yes, I've faced the same issue but with extensions configurations