Skip to main content

Introduction to Limit access to Views and actions - Activity

Frends configuration

Ossi Galkin avatar
Written by Ossi Galkin
Updated over 9 months ago

Limit access to Views and actions - Activity

The activity-based configuration is based on a two-part configuration scheme where individual activities are defined by the controller and action names. A Controller essentially represents a menu item on the Control Panel, and an action is functionality available for user to perform. The following activities are available for configuration.

  • *.* All permissions

  • *.Admin Admin permissions

  • *.Edit Edit permissions

  • *.View View permissions

  • ApiManagement.* APIs All permissions

  • ApiManagement.View APIs View permissions

  • ApiManagement.Edit APIs Edit permissions

  • Process.* Process All permissions

  • Process.View Process View permissions

  • Process.Edit Process Edit permissions

  • Process.Deploy Process Deploy

  • Process.Start Process Run once

  • Processinstance.* Process Instance All permissions

  • Processinstance.View Process Instance View permissions

  • Processinstance.Edit Process Instance Edit (terminating and deleting instances, acknowledging errors) permissions

  • Environment.* Environment All permissions

  • Environment.Edit Environment Edit permissions

  • Environment.Admin Environment Admin permissions

  • Task.* Task All permissions

  • Task.View Task View permissions

  • Task.Edit Task Edit permissions

  • MonitoringRules.* Monitoring rules All permissions

  • MonitoringRules.View Monitoring rules View permissions

  • MonitoringRules.Edit Monitoring rules Edit permissions

  • EnvironmentVariables.Edit Environment Variables Edit permissions

  • UserManagement.Admin User management Admin permissions

  • ApiKeyManagement.Admin API Keys Admin permissions

  • Common.View Common View permissions

Following wildcards are supported for activities

  • *.* - match all activities

  • *.{action} - match all actions with given name in every controller

  • {controller}.* - match all actions for given controller

Order of the activities being authorized

  • Explicitly allowed activity (e.g. Process.Start)

  • Explicitly denied activity (e.g. Process.Deploy)

  • Wildcard allowed activity (e.g. Process.*)

  • Wildcard denied activity (e.g. *.Edit)

  • Full allow wildcards (*.*)

  • Full deny wildcards (*.*)

This means that if activity has been configured with explicit allow option, then it cannot be overridden by any following value.

When creating a new role, you should always add the "Common.View" rule, as it is required when, for example, seeing the navigation menu as well as other common views.

Example

Developer that can view everything and edit Processes and start Processes. But the users of this role can not e.g. acknowledge errors due lack of Processinstance.Edit rule.

Did this answer your question?