IPermissionPolicy
Defines a system level policy for a specific permission. All conditions must be met for the permission to be granted. Additinonal conditions may be added by an entity to further limit access when the permission is checed in the contex to the entity. e.g. "hub:project:create" in the context of an Initiative, may further restrict to members of a specfic group
Properties
Property | Type | Notes |
---|---|---|
Permission |
Permission being defined |
|
HubSubsystem[] |
What subsystems are required to be online for this permission to be granted |
|
Optional | boolean |
Is this gated to alpha orgs? |
Optional | IPolicyAssertion[] |
More complex policies can be defined with a set of assertions |
Optional | boolean |
Must the user authenticated? |
Optional | boolean |
Is the user an owner of the entity being accessed? |
Optional | boolean |
Must the user be the owner of the entity being accessed? |
Optional | HubLicense[] |
What licenses are required for this permission to be granted. This is checking the licese of the current user's org. It is not transitive to the entity being accessed. e.g. If a user is in a Partner "hub-basic" org, they can not create "premium" entities (e.g. Projects) |
Optional | PlatformPrivilege[] |
Any platform level privileges required for this permission to be granted e.g. "portal:user:createItem" |
Interface defined in common/src/permissions/types/IPermissionPolicy.ts:14