Unlock a world of possibilities! Login now and discover the exclusive benefits awaiting you.
Hello
I have a security rule with resource filters as follows:
ReloadTask_*,CompositeEvent_*,SchemaEvent_*,ExecutionResult_*,ExecutionSession_*
Actions:
Create, Read, and Update
Conditions:
(
user.roles = "FinanceDeveloper" and (user.group = "Flash-BI" or user.group="Bifinance")
)
and
(
resource.app.owner.userid = user.userid
or
(resource.app.@FINANCE_SPECIFIC = "YES"
and resource.app.@AppAccess = user.@AppAccess
)
)
a user that statisfies these conditions can read the tasks, and can create a task however this user cannot create a trigger on that task.
user can create a task successfully without trigger but when the user tries to add a trigger and clicks the Apply button the following error message appears:
am I missing anything here?
Triggers don't have a hierarchical relationship in the same way tasks do. Separate out the rule CompositeEvent_*,SchemaEvent_*,ExecutionResult_*,ExecutionSession_* entities into their own rule without the app level qualifiers. Example condition:
(
user.roles = "FinanceDeveloper" and (user.group = "Flash-BI" or user.group="Bifinance")
)
Hi @ali_hijazi
This all looks "perfect". Checking on some notes... the only thing I have different is I have ExternalProductSignOn_* as well on one of my rules. But doubt that this might be what's missing.
Maybe give it a try?
Regards
Mark the solution as accepted that solved your problem and if you found it useful, press the like button! Check out my YouTube Channel | Follow me on LinkedIn
@JandreKillianRIC I added this ExternalProductSignOn_* but still getting the same error message.
**bleep**.... I will check again later and let you know if I find anything.
Mark the solution as accepted that solved your problem and if you found it useful, press the like button! Check out my YouTube Channel | Follow me on LinkedIn
@rwunderlich can you help on this topic?
@marksouzacosta may you please help here?
Triggers don't have a hierarchical relationship in the same way tasks do. Separate out the rule CompositeEvent_*,SchemaEvent_*,ExecutionResult_*,ExecutionSession_* entities into their own rule without the app level qualifiers. Example condition:
(
user.roles = "FinanceDeveloper" and (user.group = "Flash-BI" or user.group="Bifinance")
)
thank you very much @Levi_Turner
yes it works!!