yl9783

Reputation: 11

User role based asset permissions for WSO2 Governance Registry 5.4.0

We would like to have fine-grained asset permissions based on user roles. For example, we have billing and sales departments, and we have defined a billing publisher user role for the billing department and a sales publisher role for the sales department. A user cannot be in billing and sales at the same time. The Bill publisher should not be able to create or modify assets of the sales department. Of course the internal/publisher has write permission to all assets.

We are able to assign the login user the correct department-specific publisher role, but all the assets created have only the internal/publisher permission; no department-specific role permissions are assigned even though the login user has the department-specific publisher role. It looks like asset permissions are inherited from the parents in the storagePath, rather than from the roles of the user who created the asset.

We do not want the billing publisher to go into the carbon console to manually assign billing publisher permissions to every asset he/she has created. Are there any other options to add permissions to an asset based on the roles of the user who created it? BTW, how can we access the login user object and the login user's roles in asset.js while the asset is being created?

What we want is: 1) we don't want to give the internal/publisher role to the billing dept; the billing dept should have only the billing publisher role; 2) assets created by the billing publisher can only be modified by the billing publisher and internal/publisher; 3) no extra steps to manipulate the permissions once an asset is created. We have thought about giving each dept its own storagePath (ex: /trunk/restcroservice/@{myDept}/@{overview_version}/@{overview_name}). We do not want to create a new field in the UI just to get the department name. We can use the user role to determine the dept name and save it to a hidden field on the UI when the user is creating a new asset. Then the problem is how to get the user role list while I'm preparing the asset UI, such as in the publisher.commons.js file or theme.js file? I couldn't find any documentation on getting the user roles in JavaScript.

Would appreciate any help!

Upvotes: 1

Views: 86

Answers (1)

Chandana

Reputation: 2638

I believe you can achieve this using the G-Reg publisher permission model. Once a billing department specific asset is created, the billing publisher can remove, edit and delete permission from sales user roles (other than internal/publisher) and grant them view permission.

Upvotes: 0
