I am trying to set up a security rule so that the users can have access to all app objects except sheets. Further, users should only be able to see bookmarks, stories etc. created by themselves and should not see the bookmarks, stories etc. created by other users.
I have been trying the following:
Resource filter: App.Object_*
Actions: Create, Read
Conditions: !resource.App.stream.Empty() and resource.App.HasPrivilege("read") and (resource.objectType = "userstate" or ((resource.objectType = "story" and story.owner=user) or (resource.objectType ="bookmark" and bookmark.owner=user) or resource.objectType = "snapshot" or resource.objectType = "embeddedsnapshot" or resource.objectType = "hiddenbookmark")) and !user.IsAnonymous()
But this rule removes the capability of users to create bookmarks, stories etc.
Can anyone point out where I am going wrong?
Hi Ashutosh,
What you need to do is just restrict sheets in the security rule. Do not add any rule for what you want to show to the user concerned, because by default a user can see everything. Security rules are there to restrict objects from a user.
That is the requirement.
If you look at the security rule closely, I have tried to pin the ownership of app objects (bookmarks, stories, etc.) to the corresponding user, but it's not working -- am I missing something?
Hi Ashutosh,
As you have created your security rule, you are trying to grant access to stories and bookmarks to the user, but what you need to do is try to restrict the user to sheets only; by default the rest of the objects, like bookmarks, are accessible to your user.
I understand what you mean. But the point is, I want the users to create stories, bookmarks etc. (but not sheets) -- so if I provide "Read" access to Sheets, it will only provide read access to bookmarks, stories etc. But they will not be able to create bookmarks, stories etc.
Thanks Rohit for your help.
Was able to create the rule as below to have users create app objects (except sheets), and the users should not be able to see app objects (bookmarks, stories etc.) created by other users.
Should be useful for anyone looking for such a requirement.
Resource Filter: App.Object_*
Actions: Create
Condition: !resource.App.stream.Empty() and (resource.objectType = "userstate" or resource.objectType = "story" or resource.objectType = "bookmark" or resource.objectType = "snapshot" or resource.objectType = "embeddedsnapshot" or resource.objectType = "hiddenbookmark") and !user.IsAnonymous()
Hi Ashutosh,
What if you provide Create access too?