Resource permissions

In both versions of Rulex Platform (cloud and standalone) each user has specific permissions, which define what actions can be performed (e.g. view, execute, delete) on which resources.

Permissions can be then set on a single resource, or on an environment (containing a collection of resources).

Setting permissions is extremely important when there are multiple users/groups working on the same Rulex Platform installation, as it allows end users to achieve data separation, data segregation and data meshing.


Permission definition

Each permission can take three different values:

Permission type

Description

Allow

The user is allowed to perform the specified operation.

Inherited

The user inherits the Allow or the Deny permission from the Environment’s permissions.

Deny

The user isn’t allowed to perform the specified operation.

Permission types such as Allow and Deny can be set for different operations:

Operation

Description

View

If this operation is set to Allow, the user or group can visualize the resource or the environment, without being able to modify it. (E.g.: using a saved source in a task without the possibility to modify it)

Share

If this operation is set to Allow, the user or group can export the resource to a file or to a repo. (E.g.: export a flow)

Modify

If this operation is set to Allow, the user or group can modify the resource’s or environment’s characteristics. (E.g.: environment variables, tasks, tasks characteristics)

Execute

If this operation is set to Allow, the user or group can execute the resource (flows, views and macros only). (E.g.: compute a flow)

Create

If this operation is set to Allow, the user or group can create a resource or an environment.This permission is available when setting Environment permissions only, as you cannot create an environment or a resource within a resource. (E.g.: create an environment)

Delete

If this operation is set to Allow, the user or group can delete the resource or the environment. (E.g. delete a vault)

Edit permissions

If this operation is set to Allow, the user or group can change the other permissions on the current resource or environment. (E.g.: change all the permissions listed above)

See also

  • Brighter shades of a color indicate specifically set permissions, while darker colors indicate those that have been consequently inherited. For example, if Modify is set to Deny, Delete will be automatically set to Deny as well.

  • If a user/group has the Edit Permissions operation set to Allow, it will be then possible to change all the other permissions, and consequently to take full control of the resource/environment.


Add a new rule permission

Permissions are granted by adding new rule valid for user or group or other.

Tip

A rule for other means a rule applied to any user/group for which no rules have been created.

Add new rule for:

Description

Constraints

User

Rules applied only to the specified user.

If the user permissions are different from those of the corresponding group, the user permissions override the group ones.
If the user permissions are inherited, the corresponding group’s permissions are then applied to the user.

Group

If specific groups of users exist in the standalone version, you can create rules valid for each group member.

If a user belongs to two or more groups, and the permission types between the two groups or among the groups don’t correspond, the Allow permission type will then override the other ones.
(e.g.: user A belongs to group_1 and group_2, where group_1 has the Modify permissions set to Deny, and group_2 has the Modify permissions set to Allow.
User A will have the Modify permissions set to Allow.)

Other

You can create rules for other users, which are neither admins, nor group members in the standalone version.

These are the most general permissions.


Setting permissions

Changing existing rules or add new ones to a specific resource/environment is an intuitive operation, which can be performed in a few steps.

Prerequisites

  • you must have the Edit permissions set to Allow.

Procedure

  1. Click on the Explore Resources icon.

  2. In the Explorer panel, select the resource for which you want to set permissions.

  3. Right-click or click on the three-dots icon and select Permissions. The Edit permissions dialog box is divided into three sections:
    • Effective permissions display the permissions related to the current user,

    • Permissions for current resource display the permissions set for the current flow/environment,

    • Inherited permissions can be found in the right-hand corner of the dialog box. This tab shows the permissions set at environment level, which will be inherited by the resource if no individual permissions are specified.

  4. If you want to add a row for a defined user on the machine and to set specific permissions, you will click on Add new rule for user;

  5. If you want to add a row for a defined group of users, you will click on Add new rule for group. In the desktop version, a group with the name of the machine is always added to the group list that includes all account users defined in the machine itself.

  6. If you want to add a row valid for all the other users, you will click on Add new rule for other.

  7. Click Apply.