IPermissionPolicy
Defines a system-level policy for a specific permission. All conditions must be met for the permission to be granted. Additional conditions may be added by an entity to further limit access when the permission is checked in the context of the entity. For example, "hub:project:create" in the context of an Initiative may further restrict access to members of a specific group.
Properties
Property | Type | Notes |
---|---|---|
 | Permission | Permission being defined |
Optional | IPolicyAssertion[] | More complex policies can be defined with a set of assertions |
Optional | boolean | Must the user be authenticated? |
Optional | HubAvailability[] | Is this permission gated to a specific availability? This is used to limit access to features that are not yet available in production. |
Optional | Permission[] | Parent permissions this permission is dependent on |
Optional | boolean | Can an entity provide additional conditions to further limit access? |
Optional | boolean | Can the user delete the entity being accessed? |
Optional | boolean | Is the user an owner of the entity being accessed? |
Optional | boolean | Must the user be the owner of the entity being accessed? |
Optional | HubEnvironment[] | Is this permission gated to a specific environment (e.g. devext, qaext)? This is used to limit access to features that are not yet available in production. |
Optional | boolean | Value set by the feature flagging system to override the default permission behavior. This can be used to demo features to specific users or groups, during a specific user session. If |
Optional | HubLicense[] | What licenses are required for this permission to be granted. This checks the license of the current user's org. It is not transitive to the entity being accessed. e.g. If a user is in a Partner "hub-basic" org, they cannot create "premium" entities (e.g. Projects). |
Optional | number | Policy will deny access until portal.currentVersion matches or is greater than this value. e.g. |
Optional | PlatformPrivilege[] | Any platform-level privileges required for this permission to be granted, e.g. "portal:user:createItem" |
Optional | string | Policy will deny access on PROD until after this date. Format must be ISO Date Time format: YYYY-MM-DDTHH:mm:ss.sssZ. This is primarily used to prevent access to features that require coordination with documentation/string translations, which have specific delivery dates. |
Optional | string | Policy will deny access on PROD starting after this date. Format must be ISO Date Time format: YYYY-MM-DDTHH:mm:ss.sssZ. This is primarily used to allow for deprecation of features with a known retirement date. This should be used sparingly, and only when there is a clear deprecation path for users. |
Optional | HubService[] | What services are required to be online for this permission to be granted |
Interface defined in packages/common/src/permissions/types/IPermissionPolicy.ts:13
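The "all conditions must be met" rule, the org-license check and the two PROD date gates described above, as an added sketch that is not code from Hub.js. The property column is missing from this page, so the field names (authenticated, licenses, privileges, releaseAfter, retireAfter), the RequestContext shape, evaluatePolicy and the "hub-premium" value are assumptions made for illustration.

```typescript
// Added sketch, not Hub.js code. Field names are assumed: the property column is missing above.
interface PolicySketch {
  permission: string;
  authenticated?: boolean;
  licenses?: string[];     // matched against the license of the user's org
  privileges?: string[];   // platform privileges, all of them required
  releaseAfter?: string;   // ISO date time; deny on PROD until after it
  retireAfter?: string;    // ISO date time; deny on PROD starting after it
}

interface RequestContext {
  isAuthenticated: boolean;
  orgLicense: string;      // license of the current user's org, never the entity's
  privileges: string[];
  isProd: boolean;
  now: Date;
}

interface Decision { access: boolean; failed: string[]; }

// Every condition present on the policy must pass; each failure is kept for the audit trail.
function evaluatePolicy(policy: PolicySketch, ctx: RequestContext): Decision {
  const failed: string[] = [];
  if (policy.authenticated && !ctx.isAuthenticated) failed.push("authenticated");
  if (policy.licenses && policy.licenses.indexOf(ctx.orgLicense) === -1) failed.push("licenses");
  for (const p of policy.privileges || []) {
    if (ctx.privileges.indexOf(p) === -1) failed.push("privilege:" + p);
  }
  if (ctx.isProd) {
    // A date that does not parse fails closed instead of silently opening the gate.
    if (policy.releaseAfter !== undefined) {
      const t = Date.parse(policy.releaseAfter);
      if (isNaN(t) || ctx.now.getTime() <= t) failed.push("releaseAfter");
    }
    if (policy.retireAfter !== undefined) {
      const t = Date.parse(policy.retireAfter);
      if (isNaN(t) || ctx.now.getTime() > t) failed.push("retireAfter");
    }
  }
  return { access: failed.length === 0, failed };
}

// Constructed sample policy and caller (values are illustrative).
const samplePolicy: PolicySketch = {
  permission: "hub:project:create", authenticated: true, licenses: ["hub-premium"],
  privileges: ["portal:user:createItem"], releaseAfter: "2030-01-01T00:00:00.000Z",
};
const basicUser: RequestContext = {
  isAuthenticated: true, orgLicense: "hub-basic", privileges: ["portal:user:createItem"],
  isProd: true, now: new Date("2030-06-01T00:00:00.000Z"),
};
console.log(evaluatePolicy(samplePolicy, basicUser));
```

Returning the list of failed conditions rather than a bare boolean makes denied checks explainable in logs without weakening the deny-by-default result.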