Overview

  • A permission grants or denies read and write operations and access on a specific entity.

  • An entity maps to an existing API endpoint in the Mage application.

  • A permission can grant or deny access to a specific entity with a specific UUID.

  • Each operation and attribute operation has an access level that denies access to a specific entity for that particular operation or attribute operation.

    • When denying an attribute operation, define the set of attributes that the permission forbids the user from querying, reading, or writing.

Operations

Attribute operations

Query attributes

When granting Query access, you must define the set of query parameters this permission allows.

Read attributes

When granting Read access, you must define the set of attributes this permission allows the user to read.

Write attributes

When granting Write access, you must define the set of attributes this permission allows the user to write.


Groups

The following access levels contain logic that grants access to multiple operations and attribute operations.

The attribute operation that the group access grants still requires you to define the specific set of attributes that the user is permitted to query, read, or write.


Special conditions


Entity names

ALL

Using this entity for a permission will grant the operation or attribute operation for every entity listed above.

ALL_EXCEPT_RESERVED

Using this entity for a permission will grant the operation or attribute operation for every entity listed except the following entities:

  1. Oauth
  2. OauthAccessToken
  3. OauthApplication
  4. Workspace

Was this page helpful?