Unlock a world of possibilities! Login now and discover the exclusive benefits awaiting you.
We are trying to separate in our security rules the ability for a user to export data in an app and the ability for a user to export a pdf/powerpoint of their story in an app.
We would like to allow all users to export pdfs/powerpoints of their stories, but only power users to export data.
Currently both abilities seem to be covered by the ExportAppData rule:
action: export data
filter: App_*
conditions: resource.HasPrivilege("read") and !user.IsAnonymous()
context: both in hub and qmc
Does anyone know of a way to separate these two abilities or can anyone confirm whether it is/isn't possible?
Thanks
Try objectype filter for story type. Also you use custom property to allow exportdata action for power users and restrict other users for non story objects.