Hi,
We have a tree app in the form of :
x
βββ y
βββ z
βββ a
βββ b
βββ c
βββ d
βββ e
βββ ...
We recently noticed that our users have create rights to apps a
, b
and e
and only right access to apps c
and d
. We were expecting our users to have create rights to all the apps and are surprised that this is not the case since thereβs not much difference in the code.
All our users are in the βFull Accessβ user group.
The only difference I noticed was that the βfaultyβ apps didnβt have integration tests. So I wrote them and pushed but it didnβt change anything.
I also think that the βfaultyβ apps were published after implementing SSO for our environment. So it might be the reason but I donβt know how to fix the problem.
The issue doesnβt concern administrators, which is not convenient for testing, by the way.
Do you have any idea of whatβs going on and how we can fix the problem ?
Thanks !
Hi Pierre, thanks for reaching out, i understand that this is a bit unexpected.
Some starting questions / remarks:
- are letter a, b, c, d, e all different EntityTypes within a single tree-type app?
- have apps c and e been added in later versions of the application? im hypothesizing that we add all new entitytypes as βonly readβ to the usergroups to not accidentaly give groups to much permissions.
If you visit Administrator > UserGroups > actions menu > Edit object type permissions
for each Usergroup. This will show you the access rights and you can alter them if they donβt have the settings you want
1 Like
Thank you ! Thanks to your answer I was able to fix the issue !
- have apps c and e been added in later versions of the application? im hypothesizing that we add all new entitytypes as βonly readβ to the usergroups to not accidentaly give groups to much permissions.
They were all added with SDK 14.6.1, if I get what youβre asking.
If you visit Administrator > UserGroups > actions menu > Edit object type permissions
for each Usergroup. This will show you the access rights and you can alter them if this is not want to want
Should I understand that we will have to do this manipulation each time we add a new app ? Because we always want that (all) our users βCan useβ (all) our apps.
They were all added with SDK 14.6.1, if I get what youβre asking.
No thatβs not want i meant. I meant a new version of the app (a new publish)
Should I understand that we will have to do this manipulation each time we add a new app ? Because we always want that (all) our users βCan useβ (all) our apps.
Yes you would have to do this for every entitytype you add
Can you explain why you choose to add βappsβ as entitytypes instead of creating new apps / workspaces?
Itβs truly one app, and we add new, independant features regularly along the line. All those features are based on our same python packages, so it wouldnβt make sense to isolate them in different workspaces. Plus, refering to the schema in the first post, a z
entity can contain several types of the entities from a
to e
. So, to answer your question, they were added in different versions of the app.
Our main maintainer on the Viktor side is on vacation this week so I cannot confirm with him but I guess he was editing the usergroup permissions without the rest of us being aware.