topic Re: Security Rules - Access stream if have access to app in Management & Governance

Security Rules - Access stream if have access to app

deec — Sat, 16 Nov 2024 05:31:18 GMT

I was wondering if it is possible to let users only see streams they have an app in. Without having to maintain their stream access in another list. In other words, it should be one simple rule, not forcing me to maintain all streams listed somewhere.

I am importing users with attributes, which I can then tie to apps:

User: John (has a user attribute named "appAccess" with a value of "ABC")

App: ABC resides in the Sales stream

So I'd like to create a rule that allows John to see the Sales stream because he has access to the App inside.

The rule for app access is simple: Resources: Apps_* (user.appAccess=resource.Name)

I do not want another user to be able to see the Sales stream, unless they can see an app inside.

Thanks

Re: Security Rules - Access stream if have access to app

sasikumar — Thu, 31 Oct 2019 07:42:59 GMT

hi,
Did you create security rule for this ? let me know
if not i will test this scenario in my environment and ill update you

Re: Security Rules - Access stream if have access to app

deec — Thu, 31 Oct 2019 15:28:35 GMT

@sasikumar thanks for checking in. I was never able to successfully create a rule for Streams that takes into consideration whether the user has access to an app within that stream.

I think the problem stems from property lookup going up, not down.

For example a Stream can be looked up by the app: app.Stream

But an App can't be referenced by the stream: Stream.app? Possibly because of the one-to-many relationship?

So for now, my users can see all streams. Even if there are no apps inside for them to see. Which is not ideal, but it beats having to manage their stream visibility via UDC user attributes.