Direct Access to Entities
We've recently introduced an additional security capability in Targetprocess. It makes it possible to control user access permissions to entities in a more precise and flexible way.
We explain the concept in our User Guide: Direct Access to Entities.
Direct Access to Entities preview is released in v3.13.0.
The feature is currently toggled off by default. If you would like to test it, please ask the Support Team to activate it for your account.
Access is granted or removed by creating or deleting an EntityPermission resource.
Supported fields and references: https://md5.tpondemand.com/api/v1/EntityPermissions/meta.
Get existing Direct Access Permissions
To get a list of existing permissions, please perform an API call with the GET method. The following filters are supported: by User ID, by Entity ID, by Entity Type, by allowed Operations.
GET /api/v1/EntityPermissions?where=User.Id eq 123
GET /api/v1/EntityPermissions?where=EntityId eq 123
GET /api/v1/EntityPermissions?where=EntityType.Name eq "Feature"
GET /api/v1/EntityPermissions?where=View eq "True"
Grant Access
To add access, please perform an API call with the POST method. Provide the Entity ID, Entity type ID and User ID in the payload, and set the boolean flags for the allowed operations to True. Supported operations: View, Comment, Edit.
POST: /api/v1/EntityPermissions?token=xxxxxxxxxxxxxxx
{"EntityID":54673, "EntityType":{"Id":17}, "User":{"Id":641}, "View":"True"}
{"EntityID":54673, "EntityType":{"Id":17}, "User":{"Id":641}, "View":"True", "Comment":"True"}
{"EntityID":54673, "EntityType":{"Id":17}, "User":{"Id":641}, "View":"True", "Comment":"True", "Edit":"True"}
False is the default value when no permission for an operation is provided.
The GrantAccess flag does nothing at the moment. The Version field is a system field; ignore it.
The API does not check whether an entity with the given ID and entity type exists, so take care to grant access to existing entities only.
You can grant access to unsupported entities, but further behavior may be buggy.
You cannot grant access to work items to Requesters.
Bulk updates are supported. Query the /api/v1/EntityPermissions/bulk endpoint.
Change Access Mode
To change the allowed operations for an existing EntityPermission object, please perform an API call with the POST method. Pass the ID of the EntityPermission object as part of the URL.
POST: /api/v1/EntityPermissions/5678?token=xxxxxxxxxxxxxxx
{"View":"True", "Comment":"True"}
Revoke Access
To revoke access, please perform an API call with the DELETE method. Pass the ID of the EntityPermission object as part of the URL.
DELETE /api/v1/EntityPermissions/5678?token=xxxxxxxxxxxxxxx
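The Python example below is added here and is not part of the Targetprocess documentation or product code. It plans the grant, change and revoke calls described above from a desired access list, and refuses to grant access to an entity that a lookup cannot find, since the API does not perform that check. Assumptions: the flattened record shape, the caller-supplied entity_exists lookup (hypothetical), and the constructed sample data; authentication is left to the caller.

```python
OPERATIONS = ("View", "Comment", "Edit")  # operations this page lists
BASE = "/api/v1/EntityPermissions"

def flags(ops):
    """Explicit "True"/"False" for every operation; nothing relies on the default."""
    unknown = set(ops) - set(OPERATIONS)
    if unknown:
        raise ValueError(f"unsupported operations: {sorted(unknown)}")
    return {op: "True" if op in ops else "False" for op in OPERATIONS}

def plan(existing, desired, entity_exists):
    """Return (method, path, payload) calls that turn `existing` into `desired`.

    existing: flattened records (assumed shape): Id, EntityId, EntityTypeId,
              UserId plus the operation flags.
    desired:  {(entity_id, entity_type_id, user_id): set of operations}
    entity_exists: caller-supplied lookup (hypothetical); the API does not
              check that the target entity exists.
    """
    calls, seen = [], set()
    for rec in existing:
        key = (rec["EntityId"], rec["EntityTypeId"], rec["UserId"])
        want = desired.get(key)
        if not want or key in seen:
            # No longer wanted, or a duplicate row for the same triple: revoke.
            calls.append(("DELETE", f"{BASE}/{rec['Id']}", None))
            continue
        seen.add(key)
        have = {op for op in OPERATIONS if str(rec.get(op)).lower() == "true"}
        if have != set(want):
            calls.append(("POST", f"{BASE}/{rec['Id']}", flags(want)))
    for (entity_id, type_id, user_id), want in desired.items():
        if (entity_id, type_id, user_id) in seen or not want:
            continue
        flag_values = flags(want)  # validate operations before any lookup
        if not entity_exists(entity_id, type_id):
            raise LookupError(f"entity {entity_id} (type {type_id}) not found")
        calls.append(("POST", BASE, {"EntityID": entity_id,
                      "EntityType": {"Id": type_id}, "User": {"Id": user_id},
                      **flag_values}))
    return calls

# Constructed sample data; the IDs reuse the ones in this page's examples.
EXISTING = [
    {"Id": 5678, "EntityId": 54673, "EntityTypeId": 17, "UserId": 641, "View": True},
    {"Id": 5679, "EntityId": 54673, "EntityTypeId": 17, "UserId": 700,
     "View": True, "Edit": True},
]
DESIRED = {(54673, 17, 641): {"View", "Comment"}, (54700, 17, 641): {"View"}}
```

Calling plan(EXISTING, DESIRED, lookup) with a lookup that knows entities 54673 and 54700 yields one update, one revoke and one new grant, in that order.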