Calling Developers!
We are reenergizing our code contribution process! Learn More

What are the Slack Archives?

It’s a history of our time together in the Slack Community! There’s a ton of knowledge in here, so feel free to search through the archives for a possible answer to your question.

Because this space is not active, you won’t be able to create a new post or comment here. If you have a question or want to start a discussion about something, head over to our categories and pick one to post in! You can always refer back to a post from Slack Archives if needed; just copy the link to use it as a reference..

*User Roles* What are the best practices for setting up user roles in Spryker? It's unclear to me if

Options
U01GWMBAEAD
U01GWMBAEAD Posts: 3 🧑🏻‍🚀 - Cadet

User Roles
What are the best practices for setting up user roles in Spryker? It's unclear to me if permissions are additive or subtractive and what the best practice is here. In many of the examples in the training, Rule 1 was allowing access to everything, then restricting access to other modules. Should I start with allowing access to everything and restricting modules from there? I took the Back Office training and looked at the documentation... haven't seen any advice on this.

Comments

  • U01LE4BMBK7
    U01LE4BMBK7 Posts: 241 🧑🏻‍🚀 - Cadet
    edited September 2021
    Options

    permissions are additive

  • U01GWMBAEAD
    U01GWMBAEAD Posts: 3 🧑🏻‍🚀 - Cadet
    Options

    The paid training examples are also restrictive, starting with allowing permissions to everything.

  • U01UHQGJDML
    U01UHQGJDML Posts: 14 🧑🏻‍🚀 - Cadet
    Options

    Is there a posibility to create a Zed user with only Read permissions?

  • UKHD8KTMF
    UKHD8KTMF Posts: 393 🧑🏻‍🚀 - Cadet
    Options

    Possible yes, but not easily done. Unless that has changed you are giving access to controller actions so the question is what is a read only access. You would need to define a role, modify the ZED so that it displays UI as read only and remove actions/buttons. Then you would need to check identity and permissions on each action. You might also want to be even more fine grained and allow editing/viewing of some fields but not the others. All this is custom project level work.

  • U01UHQGJDML
    U01UHQGJDML Posts: 14 🧑🏻‍🚀 - Cadet
    Options

    Thanks, I imagined that would be the answer, "project level" solution. Thanks for the help.