Unlock a world of possibilities! Login now and discover the exclusive benefits awaiting you.
Hi!
I want to be able to have a "Publish Admin" role, where the developers can only publish new versions of apps they are allowed to develop on. There are other apps which they can see, but shouldn't be able to duplicate. Any idea how to do this?
User: .\test1
Streams: Newstream, Secondstream
Read, Publish-rights on both streams.
First a custom property:
Name: CanPublish
Resource types: Users, Streams
Values: [e.g.stream name - doesn't have to be identical to the actual stream name, as long as the value is identical on user and stream], ex. Newss
We add this custom property on:
User: ”test1” with value ”Newss”
Stream: ”NewStream” with value ”Newss”
Two rules is needed:
One for what you can see in the QMC
Name: _LocalAdmin QMC
Resource filter: QmcSection_App
Actions: Read
Conditions: user.roles="LocalAdmin"
Context: Only in QMC
One for what you should be able to do with the apps:
Name: _LocalAdmin apps
Resource filter: Stream_*,App_*,App.Object_*,Tag_*
Actions: all
Conditions: user.roles="LocalAdmin" and (
(resource.resourcetype="App" or resource.resourcetype="App.Object" or resource.resourcetype="Stream" or resource.resourcetype="Tag") and
(resource.stream.@CanPublish=user.@CanPublish or resource.app.stream.@CanPublish=user.@CanPublish ) or
(resource.IsOwned() and resource.owner = user)
)
Context: Only in QMC
First question:
The result is that users can duplicate all apps he can see, and he can replace all apps in streams where both he and the stream has the same custom property value on "CanPublish" (see attached yes.png). How can I deny him access on "SecondStream" (see attached no.png) ?
Without the (resource.IsOwned() and resource.owner = user) the user can't duplicate his own apps, nor duplicate or replace apps that are present in the streams he should be "LocalAdmin" to.
Second question:
With these added conditions (+ QMC sections rules), he can add tasks under the QMC sections, but for some reason the "Create new reload task" under the Apps section of QMC is grayed out. Any idea how to allow this directly under Apps section of QMC?
Resource filter: Stream_*,App_*,App.Object_*,Tag_*, ReloadTask_*,SchemaEvent_*,CompositeEvent_*
Actions: all
Conditions: user.roles="LocalAdmin" and (
(resource.resourcetype="App" or resource.resourcetype="App.Object" or resource.resourcetype="Stream" or resource.resourcetype="ReloadTask" or resource.resourcetype="SchemaEvent" or resource.resourcetype="CompositeEvent" or resource.resourcetype="Tag") and
(resource.stream.@CanPublish=user.@CanPublish or resource.app.stream.@CanPublish=user.@CanPublish) or
(resource.IsOwned() and resource.owner = user)
)
Context: Only in QMC