Shared Flow Permissions - Custom Role

jyothikiranr

Hi

I'm trying to create permissions for a custom-role on shared flows and facing an issue when verifying those roles.

My end goal is to create a custom role such that any org user who belongs to that custom role should be able to perform edit and delete only on the shared flows he/she creates. Is this possible? I see this works as expected with proxies, but not with shared flows. And in this process I found an issue, which the following describes.

Here are my steps

1. Created permissions using Management API -- Here are the permissions related to shared flows on custom-role

        {
            "organization": "ORG_NAME",
            "path": "/sharedflows",
            "permissions": [
                "put",
                "get"
            ]
        },
        {
            "organization": "ORG_NAME",
            "path": "/sharedflows/*",
            "permissions": [
                "put",
                "get"
            ]
        },
        {
            "organization": "ORG_NAME",
            "path": "/sharedflows/*/revisions/*",
            "permissions": [
                "delete",
                "put",
                "get"
            ]
        },
        {
            "organization": "ORG_NAME",
            "path": "/sharedflows/*/revisions/*/deploy",
            "permissions": [
                "delete",
                "put",
                "get"
            ]
        },
        {
            "organization": "ORG_NAME",
            "path": "/environments/*/sharedflows/*/revisions/*/deployments",
            "permissions": [
                "delete",
                "put",
                "get"
            ]
        }

2. User assigned to the newly created custom role

3. User logged in to Edge and created shared flow

4. Administrator made a management API call to see how the permissions look for newly created shared flow

        {
            "organization": "ORG_NAME",
            "path": "/sharedflows/Shared-Flow-Created-by-CustomRole/undefined",
            "permissions": [
                "delete",
                "put",
                "get"
            ]
        },

Please note 'undefined' in the path. Not sure if this is a bug or if I'm doing something incorrectly. Also, please let me know if my permissions are incorrect for managing shared flows. The objective is to create a custom role such that any org user who belongs to that custom role should be able to perform edit and delete only on the shared flows he/she creates.

Thank you!

1 ACCEPTED SOLUTION

I would create a role per user and assign permissions that mix wildcards with 'user ids' (perhaps a prefix?) e.g.

{
  "path" : "/sharedflows/USER_ID*",
  "permissions" : ["put", "get"]
}

I would assume that only a role with POST permissions will create entities for the 'Specific User Role'. Once these entities are created the 'Specific User' will be able to edit these entities.

Also, the '/sharedflows/*/revisions/*/deploy' path doesn't exist in the sharedflows doc.


4 REPLIES

Could you share the management API call that you're using for step No. 4? Thanks.

{{MGMTSVR}}/v1/organizations{{ORG}}/userroles/{{ROLENAME}}/permissions

I'm testing this and will possibly use a shell script to automate this. Will update soon. Thanks Ruben!
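The per-user prefix scoping suggested in the accepted answer, as an added example that is not part of the original thread and is not Apigee's own code: it rewrites a role's shared flow paths from `*` to `<prefix>*` and checks which entries still grant write access to every shared flow. The prefix `jdoe-`, the flow names, and the one-segment wildcard matching are assumptions made for illustration; Edge's actual permission evaluation may differ.

```python
from fnmatch import fnmatchcase

WRITE = {"put", "delete"}

def _name_is_bare_star(segs):
    """True if the segment right after 'sharedflows' is a bare '*'."""
    return any(s == "sharedflows" and i + 1 < len(segs) and segs[i + 1] == "*"
               for i, s in enumerate(segs))

def scope_to_prefix(entries, prefix):
    """Replace the shared flow name wildcard '*' with '<prefix>*' in each path."""
    scoped = []
    for e in entries:
        segs = e["path"].split("/")
        for i, s in enumerate(segs[:-1]):
            if s == "sharedflows" and segs[i + 1] == "*":
                segs[i + 1] = prefix + "*"
        scoped.append({**e, "path": "/".join(segs)})
    return scoped

def unscoped_writes(entries):
    """Paths that grant put/delete on every shared flow name."""
    return [e["path"] for e in entries
            if _name_is_bare_star(e["path"].split("/")) and WRITE & set(e["permissions"])]

def allowed(entries, path, verb):
    """Simplified model (assumption): '*' matches within one path segment only."""
    want = path.split("/")
    for e in entries:
        pat = e["path"].split("/")
        if (len(pat) == len(want)
                and all(fnmatchcase(w, p) for w, p in zip(want, pat))
                and verb in e["permissions"]):
            return True
    return False

# Constructed sample: the first three entries of the role from the question.
ROLE = [
    {"organization": "ORG_NAME", "path": "/sharedflows", "permissions": ["put", "get"]},
    {"organization": "ORG_NAME", "path": "/sharedflows/*", "permissions": ["put", "get"]},
    {"organization": "ORG_NAME", "path": "/sharedflows/*/revisions/*",
     "permissions": ["delete", "put", "get"]},
]
SCOPED = scope_to_prefix(ROLE, "jdoe-")  # "jdoe-" is a hypothetical per-user prefix

if __name__ == "__main__":
    print("write on all shared flows:", unscoped_writes(ROLE))
    print("after scoping:", [e["path"] for e in SCOPED])
```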