App Security Rules

abrown229 — Sat, 16 Nov 2024 06:19:37 GMT

Hi everyone,

I'm not sure if this belongs in this location but I'm hoping someone can help with some security logic.

Here's what I'm trying to achieve:

I have set up a new stream ("Stream_Development") for developing apps along with its own property for access (@DevStream).

I have also set up a custom app property for @Testing.

I can grant access to users using the @DevStream property, but when the @Testing property is set to false on an individual app, the app shouldn't show.

I also have a @Developer property for users who should be able to see all apps in the stream regardless of the state of the @Testing property.

When we want to open that app up to other users for testing, setting the @Testing property should then show it to other users with access to the stream.

It seems like a simple enough concept and I've managed to get the logic working - however in doing so I broke everything else and all users were unable to see any apps but their own (in every stream).

Here's what I've got so far:

I've been manipulating the Stream security rule as that's the only one that I can see that impacts visibility of all apps - but there's clearly something wrong with my logic. The changes I have made are below:

app.stream.name != "Stream_Development" and (
	(resource.resourcetype = "App" and resource.stream.HasPrivilege("read")) 
	or ((resource.resourcetype = "App.Object" and resource.published ="true" and resource.objectType != "app_appscript" 
	and resource.objectType != "loadmodel") and resource.app.stream.HasPrivilege("read"))
)
or 
app.stream.name ="Stream_Development" and (resource.@Testing="True" or user.@Developer="True")

The indented block is the original rule with my additions surrounding it.

Am I going about this the right way?

Thanks

topic App Security Rules in Management & Governance

App Security Rules