Permissions in Rulex Factory
In both versions of the Factory (cloud and standalone) each user/group has specific permissions, which define what actions they can perform (e.g. view, execute, delete) on which resources.
They can be set on a single resource, or on an environment (containing a collection of resources).
Setting permissions is extremely important when there are multiple users/groups working on the same Rulex Platform installation, and can result in a different experience.
Permission types and operations
Permission type | Description |
|---|---|
Allow | The user is allowed to perform the specified operation. |
Inherited | The user inherits the Allow or the Deny permission from the Environment’s permissions. |
Deny | The user isn’t allowed to perform the specified operation. |
There are different operations which can be associated with the permission types, which define which actions may be allowed or denied:
Operation | Description |
|---|---|
View | If allowed, the user or group can visualize the resource or the environment, without being able to modify it. (E.g.: use a saved source in a task without the possibility to modify it) |
Share | If allowed, the user or group can export the resource to file or to a repo. (E.g.: export a flow) |
Modify | If allowed, the user or group can modify the resource’s or environment’s characteristics. (E.g.: environment variables, tasks, tasks characteristics) |
Execute | If allowed, the user or group can execute the resource (flows, views and macros only). (E.g.: compute a flow) |
Create | If allowed, the user or group can create a resource or an environment. This permission is available when setting Environment permissions only, as you cannot create an environment or a resource within a resource. (E.g.: create an environment) |
Delete | If allowed, the user or group can delete the resource or the environment. (E.g. delete a vault) |
Edit permissions | If allowed, the user or group can change the other permissions on the current resource or environment. (E.g.: change all the permissions listed above) |
Bright colors indicate set permissions, while darker colors indicate those that have been consequently inherited. For example, if Modify is set to Deny, Delete will automatically be set to Deny as well.
The Edit Permissions option is only available when all other permissions have been allowed.
Rules target
You can add rules (a set of permissions) to specific targets.
You can perform this operation only if you have the Edit permission allowed.
The following targets are identified in Rulex Factory, which correspond to those in Linux.
Add new rule for: | Description | Constraints |
|---|---|---|
User | Rules apply only to the specified user. | If the user permissions are different from those of the corresponding group, the user permissions are valid. If the user permissions are inherited, the corresponding group’s permissions are valid for the user. |
Group | If specific groups of users exist in the standalone version, you can create rules valid for each member. | If a user belongs to two or more groups, and the permission types don’t correspond, the Allow permission type wins. (e.g.: user A belongs to group_1 and group_2, where group_1 has the Modify permissions set to Deny, and group_2 has the Modify permissions set to Allow. |
Other | You can create rules for other users, which are neither admins, nor group members in the standalone version. | Permissions set for Other apply to groups and users whose permissions are set to Inherited and don’t consequently inherit specific permissions. These are the most general permissions. |
Setting permissions
Prerequisites
you must have the Edit permissions allowed.
Procedure
Click Explore Resources.
In the Resources pane, select the resource for which you want to set permissions.
Right-click or click on the three-dotted button and select Permissions. The Edit permissions dialog box is divided into three sections:
Effective permissions with the permissions related to the current user,
Permissions for current resource with the permissions currently set for the current flow/environment,
Inherited permissions, with the permissions set at environment level, which will be inherited by the resource if individual permissions are not specified.
Click Add new rule for user to add a row for a defined user on the machine and to set specific permissions;
Click Add new rule for group to add a new rule for a defined group of users.
Click Add new rule for other to add a new rule for all the other users.
Click Apply.