As an administrator I want to limit access to specific material assets that are in different libraries so that only a group of users can see them but do not want to modify all the materials that already exist in the libraries.
Solution: Administrators can limit access to specific assets by using attributes, group associations and security policy rules at resource level.
Steps:
1. Create an InLine List attribute containing the System Groups in your tenant e.g. Group
2. Add the attribute to the 'Record Definition' of each of the Material Libraries you wish to add limited access material assets
3. Add the Group Associations for each System Group for the 'Material Library Type' and the 'Group' attribute
4. Modify the existing security policy rules for the material assets as follows to limit asset access by group:
# Grants access to materials assets within the specific libraries by group
RULE "Access to Materials with a group in the specific library"
IF
attribute "Material Library Type" match AND
attribute "Group" match AND
resource type equal "asset"
THEN
grant "entity.write"
5. Add the a new security policy to allow access to assets without the group specification to all the users with library access:
# Grants access to materials assets within the specific libraries that have group
RULE "Access to Materials within the specific library with no group"
IF
attribute "Material Library Type" match AND
resource type equal "asset" AND
resource attribute "Group" not exist
THEN
grant "entity.write"
Note: Consider if the attribute should be a required field going forward, if it will be required and you want to ensure most assets are public adding an extra value to the Group attribute is recommended e.g. Public. This value can be associated to All Users or to individual System Groups to provide access to future assets.
Comments
0 comments
Article is closed for comments.