Managing rights in a tree app

πŸš€ Support (Q&A)
1

Hi,

We have a tree app in the form of :

x
└── y
    └── z
        β”œβ”€β”€ a
        β”œβ”€β”€ b
        β”œβ”€β”€ c
        β”œβ”€β”€ d
        β”œβ”€β”€ e
        └── ...

We recently noticed that our users have create rights to apps a, b and e and only right access to apps c and d. We were expecting our users to have create rights to all the apps and are surprised that this is not the case since there’s not much difference in the code.
All our users are in the β€œFull Access” user group.

The only difference I noticed was that the β€œfaulty” apps didn’t have integration tests. So I wrote them and pushed but it didn’t change anything.

I also think that the β€œfaulty” apps were published after implementing SSO for our environment. So it might be the reason but I don’t know how to fix the problem.

The issue doesn’t concern administrators, which is not convenient for testing, by the way.

Do you have any idea of what’s going on and how we can fix the problem ?

Thanks !

2

Hi Pierre, thanks for reaching out, i understand that this is a bit unexpected.

Some starting questions / remarks:

  • are letter a, b, c, d, e all different EntityTypes within a single tree-type app?
  • have apps c and e been added in later versions of the application? im hypothesizing that we add all new entitytypes as β€œonly read” to the usergroups to not accidentaly give groups to much permissions.

If you visit Administrator > UserGroups > actions menu > Edit object type permissions for each Usergroup. This will show you the access rights and you can alter them if they don’t have the settings you want

1 Like
3

Thank you ! Thanks to your answer I was able to fix the issue !

  • have apps c and e been added in later versions of the application? im hypothesizing that we add all new entitytypes as β€œonly read” to the usergroups to not accidentaly give groups to much permissions.

They were all added with SDK 14.6.1, if I get what you’re asking.

If you visit Administrator > UserGroups > actions menu > Edit object type permissions for each Usergroup. This will show you the access rights and you can alter them if this is not want to want

Should I understand that we will have to do this manipulation each time we add a new app ? Because we always want that (all) our users β€œCan use” (all) our apps.

4

They were all added with SDK 14.6.1, if I get what you’re asking.

No that’s not want i meant. I meant a new version of the app (a new publish)

Should I understand that we will have to do this manipulation each time we add a new app ? Because we always want that (all) our users β€œCan use” (all) our apps.

Yes you would have to do this for every entitytype you add

Can you explain why you choose to add β€œapps” as entitytypes instead of creating new apps / workspaces?

5

It’s truly one app, and we add new, independant features regularly along the line. All those features are based on our same python packages, so it wouldn’t make sense to isolate them in different workspaces. Plus, refering to the schema in the first post, a z entity can contain several types of the entities from a to e. So, to answer your question, they were added in different versions of the app.

Our main maintainer on the Viktor side is on vacation this week so I cannot confirm with him but I guess he was editing the usergroup permissions without the rest of us being aware.

6

thanks for your reply!