getPermissionPolicy

Function

Get the policies defined for a specific permission

Parameters

Parameter Type Default Notes
permission Required Permission

Returns

Property Type Notes
permission Permission

Permission being defined

assertions Optional IPolicyAssertion[]

More complex policies can be defined with a set of assertions

authenticated Optional boolean

Must the user authenticated?

availability Optional HubAvailability[]

Is this permission gated to a specific availability? This is used to limit access to features that are not yet available in production

dependencies Optional Permission[]

Parent permissions this permission is dependent on

entityConfigurable Optional boolean

Can an entity provide additional conditions to further limit access?

entityDelete Optional boolean

Can the user delete the entity being accessed?

entityEdit Optional boolean

Is the user an owner of the entity being accessed?

entityOwner Optional boolean

Must the user be the owner of the entity being accessed?

environments Optional HubEnvironment[]

Is this permission gated to a specific environment? (e.g. devext, qaext) This is used to limit access to features that are not yet available in production

flagValue Optional boolean

Value set by the feature flagging system to override the default permission behavior. This can be used to demo features to specific users or groups, during a specific user session. If true, the permission will be granted as long as the license and privilege requirements are met. If false, the permission will be denied for all users - typically as a means to check for graceful degradation if a system is offline.

licenses Optional HubLicense[]

What licenses are required for this permission to be granted. This is checking the licese of the current user's org. It is not transitive to the entity being accessed. e.g. If a user is in a Partner "hub-basic" org, they can not create "premium" entities (e.g. Projects)

platformVersion Optional number

Policy will deny access until portal.currentVersion matches or is greater than this value. e.g. 2025.3 This is primarily used to prevent access to features that require coordination with specific ArcGIS Online releases. Do not use this for Enterprise version checks! Given that release cadence, we need to ungate features based on the Enterprise release cycle, and not on specific versions.

privileges Optional PlatformPrivilege[]

Any platform level privileges required for this permission to be granted e.g. "portal:user:createItem"

releaseAfter Optional string

Policy will deny access on PROD, until after this date. Format must be ISO Date Time format: YYYY-MM-DDTHH:mm:ss.sssZ This is primarily used to prevent access to features that require coordination with documentation/string translations, which have specific delivery dates.

retireAfter Optional string

Policy will deny access on PROD, starting after this date. Format must be ISO Date Time format: YYYY-MM-DDTHH:mm:ss.sssZ This is primarily used to allow for deprecation of features, with a known retirement date. This should be used sparingly, and only when there is a clear deprecation path for users.

services Optional HubService[]

What services are required to be online for this permission to be granted


Function defined in packages/common/src/permissions/HubPermissionPolicies.ts:362