Direct Access to Entities

Recently we've introduced an additional security capability in Targetprocess. It makes possible to control user access permissions to entities in more precise and flexible way.

We explain the concept in our User Guide: Direct Access to Entities.

📘

Direct Access to Entities preview is released in v3.13.0.

By default the feature is toggled off now. If you would like to test it please request Support Team to activate it for your account.

Access is granted/removed by creation/deletion of EntityPermission resource.

Supported fields and references: https://md5.tpondemand.com/api/v1/EntityPermissions/meta.

Get existing Direct Access Permissions

To get a list of existing permissions, please perform an API call with the GET method. The following filters are supported: by User ID, by Entity ID, by Entity Type, by allowed Operations.

GET /api/v1/EntityPermissions?where=User.Id eq 123
GET /api/v1/EntityPermissions?where=EntityId eq 123
GET /api/v1/EntityPermissions?where=EntityType.Name eq "Feature"
GET /api/v1/EntityPermissions?where=View eq "True"

Grant Access

To add access, please perform an API call with the POST method. Provide Entity ID, Entity type ID, User ID in payload, and set to True boolean flags for allowed operations. Supported operations: View, Comment, Edit.

POST: /api/v1/EntityPermissions?token=xxxxxxxxxxxxxxx
{EntityID:54673, EntityType:{Id:17}, User:{Id:641}, View:"True"}
{EntityID:54673, EntityType:{Id:17}, User:{Id:641}, View:"True", Comment:"True"}
{EntityID:54673, EntityType:{Id:17}, User:{Id:641}, View:"True", Comment:"True", Edit:"True"}

False is default value when no permission for an operation is provided.

GrantAccess flag does nothing at the moment. Version field is system one, ignore it.

There is no check whether an entity with corresponding ID+entity type exists. So be careful and provide access to existing entities only.

You can grant access to non-supported entities, but further behavior may be buggy.

You cannot grant access to work items to Requesters.

Bulk updates are supported. Query /api/v1/EntityPermissions/bulk endpoint.

Change Access Mode

To change allowed operations for existing EntityPermission object, please post API call using POST method. Pass ID of EntityPermission object as part of URL.

POST: /api/v1/EntityPermissions/5678?token=xxxxxxxxxxxxxxx
{View:"True", Comment:"True"}

Revoke Access

To revoke access, please post API call using DELETE method. Pass ID of EntityPermission object as part of URL.

DELETE /api/v1/EntityPermissions/5678?token=xxxxxxxxxxxxxxx