Open davidwatkins73 opened 4 months ago
Some doc on permissions in general:
```d2
title: Permissions {
  near: top-center
  shape: text
  style: {
    font-size: 40
    bold: false
    underline: false
  }
}

cg: Coarse Grained {
  u: user
  r: role
  ur: user role
  u <- ur
  r <- ur

  explanation: |md
    ## Coarse Grained
    - Granted to specific users
    - Applies to all entities

    Example:

    Users with the _Flow Admin_ role can update any flow
  |
}

fg: Fine Grained {
  explanation: |md
    ## Fine Grained
    - Defines permissions in terms of involvement
    - Involvements tie people to specific entities

    Example

    Only _Asset Owners_ can update _Functions_
  |

  pg: permission group
  ig: involvement group
  i: involvement
  ik: involvement kind
  pers: person
  ref: entity
  pg -> ig
  ig -> i
  pers <- i
  ik <- i
  ref <- i
}
```
Query for viewing the current set of fine grained permissions:
```sql
select pg.name, pg.external_id, pg.id,
       pgi.parent_kind, pgi.subject_kind,
       -- qualifier name comes from whichever qualifier table matched
       pgi.qualifier_kind, pgi.qualifier_id, coalesce(mc.name, ad.name, null),
       pgi.operation,
       ig.name, ig.id, ig.external_id,
       ik.name, ik.external_id, ik.id
from involvement_group ig
inner join permission_group_involvement pgi on ig.id = pgi.involvement_group_id
inner join involvement_group_entry ige on ig.id = ige.involvement_group_id
inner join involvement_kind ik on ik.id = ige.involvement_kind_id
inner join permission_group pg on pg.id = pgi.permission_group_id
left join measurable_category mc
       on pgi.qualifier_id = mc.id and pgi.qualifier_kind = 'MEASURABLE_CATEGORY'
left join assessment_definition ad
       on pgi.qualifier_id = ad.id and pgi.qualifier_kind = 'ASSESSMENT_DEFINITION'
;
```
Things to note:
pg
) is not the default
mc
and ad
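
The two models in the diagram, as an added example that is not part of the original issue or the project's own code: a coarse-grained role check next to a fine-grained, involvement-based check that denies by default. The schema is a constructed simplification; the `user_role` and `involvement` tables, their columns, the `MEASURABLE_RATING` subject kind and all sample rows are assumptions, and qualifiers and per-entity permission group assignment are left out.

```python
import sqlite3

# Constructed, simplified schema. Column names follow the issue's query where it
# shows them; the user_role and involvement tables are assumptions.
SCHEMA = """
create table user_role (user_name text, role text);
create table involvement_kind (id integer primary key, name text);
create table involvement (entity_kind text, entity_id integer,
                          employee_id text, kind_id integer);
create table involvement_group (id integer primary key, name text);
create table involvement_group_entry (involvement_group_id integer, involvement_kind_id integer);
create table permission_group (id integer primary key, name text);
create table permission_group_involvement (
    permission_group_id integer, involvement_group_id integer,
    parent_kind text, subject_kind text, operation text);
insert into user_role values ('alice', 'FLOW_ADMIN');
insert into involvement_kind values (1, 'Asset Owner'), (2, 'Developer');
insert into involvement values ('APPLICATION', 10, 'bob', 1),
    ('APPLICATION', 10, 'carol', 2), ('APPLICATION', 20, 'carol', 1);
insert into involvement_group values (1, 'Function editors');
insert into involvement_group_entry values (1, 1);
insert into permission_group values (1, 'Default');
insert into permission_group_involvement
    values (1, 1, 'APPLICATION', 'MEASURABLE_RATING', 'UPDATE');
"""

def coarse_allowed(conn, user, role):
    """Coarse grained: the user holds the role, which applies to every entity."""
    sql = "select 1 from user_role where user_name = ? and role = ?"
    return conn.execute(sql, (user, role)).fetchone() is not None

def fine_allowed(conn, person, parent_kind, parent_id, subject_kind, operation):
    """Fine grained: the person needs an involvement on this specific entity
    whose kind belongs to an involvement group permitted for the operation."""
    sql = """
        select 1
        from permission_group_involvement pgi
        inner join involvement_group_entry ige
                on ige.involvement_group_id = pgi.involvement_group_id
        inner join involvement i on i.kind_id = ige.involvement_kind_id
        where pgi.parent_kind = ? and pgi.subject_kind = ? and pgi.operation = ?
          and i.entity_kind = pgi.parent_kind and i.entity_id = ? and i.employee_id = ?
        limit 1"""
    args = (parent_kind, subject_kind, operation, parent_id, person)
    return conn.execute(sql, args).fetchone() is not None  # no match means deny

def demo_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn
```

With the sample rows, `carol` can update ratings on application 20, where she is an Asset Owner, but not on application 10, where she is only a Developer.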