topic Re: security rule to publish an application according Custom Property in Management & Governance

security rule to publish an application according Custom Property

fabricecallegari — Sat, 16 Nov 2024 04:15:46 GMT

Hello,

"@Customer" custom property is available for apps, stream and users.

An app and a stream are assigned to 1 value of @Customer.

A user can be assigned to many values of @Customer.

I'm trying to create a rule that allow users to publish an application according this custom property. Something like that (security rule to publish, stream resource):

((user.@CUSTOMER = resource.stream.@CUSTOMER

and

user.@CUSTOMER = resource.app.@CUSTOMER))

but it does not work (no stream availbale when I try to publish).

Can somebody help me to create this rule?

regards

Fabrice

Re: security rule to publish an application according Custom Property

rubenmarin — Mon, 28 Oct 2019 11:07:17 GMT

Hi Fabrice, you don't need to access the stream from the resource, the resource is already the stream, so maybe is just:

((user.@CUSTOMER = resource.@CUSTOMER))

But I'm not sure how to check both properties in one shot (stream and app properties) maybe swiching the resource to both: app and stream?

BTW, I think you can't access app from stream, the opposite works (app.stream) because an app is in only one stream but I have doubts about the stream.app (or resource.app when the resource is a stream).

Regards

Re: security rule to publish an application according Custom Property

fabricecallegari — Mon, 28 Oct 2019 20:43:35 GMT

Hello,

I tried ((user.@CUSTOMER = resource.@CUSTOMER)) with resources app and stream but it doesn't work.

The @CUSTOMER from the app is not take in account.

Re: security rule to publish an application according Custom Property

fabricecallegari — Thu, 31 Oct 2019 14:32:01 GMT

no one has another idea?

Re: security rule to publish an application according Custom Property

fabricecallegari — Mon, 11 Nov 2019 14:24:06 GMT

no one to help me?

I just want to limit the publication of an application, in a stream with the custom property @CUSTOMER is the same for both application/stream?

At worst how can I publish an app in a stream (security rule to this stream) only for the application which have the custom property @CUSTOMER = "TOTO"

thank in advance,

Re: security rule to publish an application according Custom Property

fabricecallegari — Fri, 29 Nov 2019 17:00:58 GMT

I note that in the security rules, a comparison with custom properties is always with user.@CustomProperty.

I mean it always reference the "user" resource. Is that correct?

Re: security rule to publish an application according Custom Property

rubenmarin — Mon, 02 Dec 2019 07:51:07 GMT

Hi, it's not a "must" but is the usual way to do it because usually you want to compare properties asssigned to the user to the ones assigned to other entities (stream, app, app_object, data connection...)

Re: security rule to publish an application according Custom Property

fabricecallegari — Mon, 02 Dec 2019 10:50:00 GMT

Ok,

so if I don't want to compare custom properties from the user but between an app and a stream.

How can I do that?

Re: security rule to publish an application according Custom Property

rubenmarin — Mon, 02 Dec 2019 11:01:33 GMT

app.@CustomProperty=app.stream.@CustomProperty

Re: security rule to publish an application according Custom Property

fabricecallegari — Mon, 02 Dec 2019 11:38:51 GMT

Thank you for your answer.

To come back to my original question, I tried the security rule:

Resource filter: App_*,Stream_*
action: "publish"
conditions: ((app.@SECURITY=app.stream.@SECURITY))

The rule is "validated" but does not work as expected (in the hub, when trying to publish, nothing is proposed in the stream list...)

Re: security rule to publish an application according Custom Property

Anil_Babu_Samineni — Mon, 02 Dec 2019 11:47:59 GMT

If you want only Publish yes action type is okay. Condition should be

resource.IsOwned() and resource.owner = user

Re: security rule to publish an application according Custom Property

rubenmarin — Mon, 02 Dec 2019 11:48:06 GMT

Yes, I suppose you need publish permission in stream, and I don't know how to check publish permission in an app and in the stream in the same check because the rule should be different for app than for stream, if you use an 'and' both resources can't be checked, if you use an 'or' only when one check is true you would gain access without checking the other.

Maybe splitting in 2 rules? one for app and another for stream?

Resource filter: App_* (or just App*, without '_')
action: "publish","update"
conditions: ((resource.@SECURITY=user.@SECURITY))

Resource filter: Stream_* (or just Stream*)
action: "publish"
conditions: ((resource.@SECURITY=user.@SECURITY))

Re: security rule to publish an application according Custom Property

fabricecallegari — Mon, 02 Dec 2019 12:36:09 GMT

The customProperty set to the application level is a security to be sur the application could only be deployed to some stream.

Example:

3 streams: S1 (custom property @SECURITY = C1), S2 (custom property @SECURITY = C2), S3 (custom property @SECURITY = C3)

The user can access to streams in S1 and S2

He wants to publish the application A1. Application A1 is assigned to a custom property @SECURITY = C1 so A1 could only be deployed in the S1 stream.

With your proposition, I add the custom property @SECURITY to users and I tested it and I can publish in each stream assigned to @SECURITY of the user (even if the value in @SECURITY of the app is different)...