Hello,
I'm currently trying to create a rule where a newly created admin role can create and manage streams and users. This is the resource filter from the rule I copied from the SecurityAdmin rules with some resources removed.
Stream_*,App*,User*,SystemRule_*,CustomProperty*,ContentLibrary_*
I then place this condition:
user.roles="TEST_DepartmentAdmin"
This condition tells me that if the role of the user is that of TEST_DepartmentAdmin, then grant him access to all of the above. It works as intended because I can create or edit rules that are part of a particular stream.
However, when I add this:
((user.roles="TEST_DepartmentAdmin" and resource.@TEST_Department=user.@TEST_Department))
It breaks the rule and the privileges of the admin are lost. For example, I was able to create and edit rules earlier for a particular stream, but when I added that second part, the admin was no longer able to add or edit rules citing lack of privileges for the user.
Is there a fix for what I'm trying to do? Or am I doing something incorrectly?
Thank you.
EDIT: A note is that I'm trying to make it such that that admin (which is the administrator for a particular stream and its sub streams) is only allowed to manage the streams he is the admin of. Therefore, he should only be able to create and edit the rules of the stream he is the admin of.
Hi, did you check if you added the correct custom property value to the Stream you're testing?
Cheers,
Andrés
Yes, the custom property between the stream and the user is the exact same.
Found the problem.
The issue was that since security rules do not have custom properties, I was not able to make a single change to the security rules.
Leaving this question unanswered because it's not really a solution.
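
Added example, not part of the thread and not Qlik's rule engine: a simplified Python model of the two conditions above, showing why the department comparison can never be true for a `SystemRule_*` resource that carries no custom properties. The resource IDs, the `Finance`/`HR` values and the way a missing property is modelled (as an empty set of values) are assumptions made for illustration.

```python
from fnmatch import fnmatchcase

# Resource filter copied from the question.
RESOURCE_FILTER = "Stream_*,App*,User*,SystemRule_*,CustomProperty*,ContentLibrary_*"

# Constructed sample objects (IDs and property values are made up).
USER = {"roles": ["TEST_DepartmentAdmin"], "custom": {"TEST_Department": ["Finance"]}}
FINANCE_STREAM = {"id": "Stream_0001", "custom": {"TEST_Department": ["Finance"]}}
HR_STREAM = {"id": "Stream_0002", "custom": {"TEST_Department": ["HR"]}}
SECURITY_RULE = {"id": "SystemRule_0003", "custom": {}}  # rules have no custom properties

def filter_matches(resource_id, resource_filter=RESOURCE_FILTER):
    """True if the resource ID matches any pattern in the comma-separated filter."""
    return any(fnmatchcase(resource_id, p) for p in resource_filter.split(","))

def role_only(user, resource):
    """Models: user.roles="TEST_DepartmentAdmin" """
    return "TEST_DepartmentAdmin" in user["roles"]

def role_and_department(user, resource):
    """Models: user.roles="TEST_DepartmentAdmin" and
    resource.@TEST_Department=user.@TEST_Department
    Assumption: a property the resource does not have is an empty set,
    so the comparison has nothing to match against."""
    user_vals = set(user["custom"].get("TEST_Department", []))
    res_vals = set(resource["custom"].get("TEST_Department", []))
    return role_only(user, resource) and bool(user_vals & res_vals)

def allowed(user, resource, condition):
    """Access requires both the resource filter and the condition to hold."""
    return filter_matches(resource["id"]) and condition(user, resource)

def compare_conditions(user, resources):
    """Return {resource id: (allowed by role_only, allowed by role_and_department)}."""
    return {r["id"]: (allowed(user, r, role_only),
                      allowed(user, r, role_and_department)) for r in resources}

if __name__ == "__main__":
    for rid, result in compare_conditions(
            USER, [FINANCE_STREAM, HR_STREAM, SECURITY_RULE]).items():
        print(rid, result)
```

In this model the department check scopes streams as intended, but the same check silently removes every `SystemRule_*` resource from the admin's reach, which matches the loss of privileges described in the question.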