Permissions
Create granular permissions for CRUD operations on any API endpoint.
Overview
-
A permission grants or denies read and write operations and access on a specific entity.
-
An entity maps to an existing API endpoint in the Mage application.
-
A permission can grant or deny access to a specific entity with a specific UUID.
-
Each operation and attribute operation has an access level that denies access to a specific entity for that particular operation or attribute operation.
- When denying an attribute operation, define the set of attributes that the permission forbids the user from querying, reading, or writing.
Operations
Attribute operations
Query attributes
When granting Query
access, you must define the set of query parameters this permission allows.
Read attributes
When granting Read
access, you must define the set of attributes this permission
allows the user to read.
Write attributes
When granting Write
access, you must define the set of attributes this permission
allows the user to write.
Groups
The following access levels contain logic that grants access to multiple operations and attribute operations.
The attribute operation that the group access grants still requires you to define the specific set of attributes that the user is permitted to query, read, or write.
Special conditions
Entity names
ALL
Using this entity for a permission will grant the operation or attribute operation for every entity listed above.
ALL_EXCEPT_RESERVED
Using this entity for a permission will grant the operation or attribute operation for every entity listed except the following entities:
Oauth
OauthAccessToken
OauthApplication
Workspace
Was this page helpful?