fix: Rehaul Granular Access Control Docs #2255
Conversation
- Initial structural changes to sidebar - Concept doc - Default Role - Reference - Instance Administrator Role - Broken link fixes
|
The latest updates on your projects. Learn more about Vercel for Git ↗︎
|
|
|
||
| ## Core components | ||
|
|
||
| * **Permissions** - define what actions a user can perform on specific resources. Every resource in Appsmith whether it’s an app, a page, a workflow, a datasource and environment, or a query can have granular permissions set for actions like create, read, update, and delete. |
There was a problem hiding this comment.
a datasource and environment, or a query : This sounds odd. datasource, environment or query sounds better. Any reason to try and link datasource and environment together?
There was a problem hiding this comment.
In one of the user tests it came up that datasources and environment tab is there, so that should be intuitive for users to connect the dot.
|
|
||
| Despite having extensive permissions, the Instance Administrator role in Appsmith cannot perform the following tasks: | ||
|
|
||
| - Inability to access or update individual workspaces or app content. This means that Instance Administrators cannot view or edit the specific content within each workspace or app, such as queries, datasources, or their configurations. |
There was a problem hiding this comment.
The instance administrator though has permission to assign any role to itself or to any user. This means that if the instance admin does need to take over an individual workspace, they can assign the default workspace role to themselves or to any other user to get access.
There was a problem hiding this comment.
Leaving it here in case we want to add this as a caveat or a way to unblock the user if thats what they are looking for.
| </thead> | ||
| <tbody> | ||
| <tr> | ||
| <td>Workspace</td> |
There was a problem hiding this comment.
This setting doesn't exist in Application Resources page.
| <tr> | ||
| <td>Application</td> | ||
| <td>NA</td> | ||
| <td>Allows running queries for the given application.</td> |
There was a problem hiding this comment.
Same as above. Execute permission is only available at query level in Application Resources page.
|
|
||
| ## Make Public permission | ||
|
|
||
| The **Make Public** permission permits users to change the access level of resources, making them available to the public. When the **Make Public** permission is assigned to a workspace or an application, it, along with the automatically assigned permissions, are inherited by the child resources. Once granted, users can enable the **Make application public** option on the _Invite Users_ modal to make an application publicly available. This option allows external users to access the app without the need to log in to Appsmith. |
There was a problem hiding this comment.
| The **Make Public** permission permits users to change the access level of resources, making them available to the public. When the **Make Public** permission is assigned to a workspace or an application, it, along with the automatically assigned permissions, are inherited by the child resources. Once granted, users can enable the **Make application public** option on the _Invite Users_ modal to make an application publicly available. This option allows external users to access the app without the need to log in to Appsmith. | |
| The **Make Public** permission permits users to change the access level of applications, making them available to the public. When the **Make Public** permission is assigned to a workspace or an application, it, along with the automatically assigned permissions, are inherited by the child resources. Once granted, users can enable the **Make application public** option on the _Invite Users_ modal to make an application publicly available. This option allows external users to access the app without the need to log in to Appsmith. |
|
|
||
| ## Invite User permission | ||
|
|
||
| The **Invite User** permission permits users to invite other users to Appsmith workspace or applications and provides access to the resources within workspace. |
There was a problem hiding this comment.
Invite user is only applicable to a Group. This permission does not exist for any other resource.
|
|
||
| ## Remove User permission | ||
|
|
||
| The **Remove User** permission permits users to remove other users from the resources in Appsmith. |
There was a problem hiding this comment.
Permission only applicable in a User Group and no other resource.
|
|
||
| ## Associate Role permission | ||
|
|
||
| The **Associate Role** permission permits users to assign or change roles of other users in Appsmith. |
There was a problem hiding this comment.
Kinda confused about the structuring of this. Associate role is a permission given on a particular role. If the user has this permission for a role, the user would be able to assign this particular role to any user or a group.
Description
Provide a concise summary of the changes made in this pull request
- Landing page
- How-to Guides
- Configure default access to Apps
- Reference
- Default Roles
- Custom Roles
- Permissions
- Troubleshooting
- GAC errors
Pull request type
Check the appropriate box:
*
Documentation tickets
Link to one or more documentation tickets:
Checklist
From the below options, select the ones that are applicable: