Documentation: Flowy Permissions
Base concept
Flowy has - in general - three levels of permissions on objects:
- Use: enables the usage of an object, which is very useful i.e. for scenarios where ops manages credentials while the developer and support team "just" uses them
- View: contains the functions of
usebut provides additionally read-only access to the object - Edit: provides all possibilities of
viewextended by the capability to edit object characteristics
Default roles
Flowy offers the following default roles:
| Name | Description |
|---|---|
| CREDENTIAL_CREATOR | Enables the creation of new credentials; each credential contains its own role definitions for usage/view/edit |
| CREDENTIAL_DELETER | Enables the deletion of credentials |
| ENTITY_CREATOR | Enables the creation of new entities |
| ENTITY_DELETER | Enables the deletion of entities |
| GDPR_ADMIN | Provides access to the GDPR overview |
| LIBRARY_CREATOR | Enables the creation of new libraries |
| LIBRARY_DELETER | Enables the deletion of new libraries |
| MODULE_CREATOR | Enables the creation of new modules; each module contains its own role definitions for usage/view/edit |
| MODULE_DELETER | Enables the deletion of modules |
| PLUGIN_CREATOR | Enables the creation of new plugin-ins; each plug-in contains its own role definitions for usage/view/edit |
| PLUGIN_DELETER | Enables the deletion of plug-ins |
| PROCESS_CREATOR | Enables the creation of new processes; each process contains its own role definitions for usage/view/edit |
| PROCESS_DELETER | Enables the deletion of processes |
| ROLE_CREATOR | Enables the creation of new roles; each role contains its own role definitions for usage/view/edit |
| ROLE_DELETER | Enables the deletion of roles |
| SELF_REGISTERED | Is automatically assigned to users signing up through self-sign-up |
| SETTING_CREATOR | Enables the creation of new settings; each setting contains its own role definitions for usage/view/edit |
| SETTING_DELETER | Enables the deletion of settings |
| TELEMETRY_ADMIN | Provides access to the telemetry data generated by Flowy |
| TEMPLATE_CREATOR | Enables the creation of new templates; each template contains its own role definitions for usage/view/edit |
| TEMPLATE_DELETER | Enables the deletion of templates |
| TRIGGER_CREATOR | Enables the creation of new triggers; each trigger contains its own role definitions for usage/view/edit |
| USER_CREATOR | Enables the creation of new users |
| VALIDATION_RULE_CREATOR | Enables the creation of new validation rules; each validation rule contains its own role definitions for usage/view/edit |
| VALIDATION_RULE_DELETER | Enables the deletion of validations |
Virtual roles
AUTHENTICATED respective UNAUTHENTICATED are special, virtual roles. They can't be assigned to user accounts directly. Instead they are automatically mapped: any authenticated user automatically has the AUTHENTICATED role while all others have the default UNAUTHENTICATED role.
This provides the necessary capabilities to enable - if desired - public access to triggers.
Trigger permissions
In order to execute trigger, users need to belong to either any kind of role.
In order to be able to link to a process, the editing user is required to have at least an use role for the process.