Resources and IRNs
Understanding Resources and IRNs#
Each Twinit service manages its own unique resources. For instance, the Passport Service manages applications, users, user groups, and workspaces. The item service manages NamedUserItems such as Scripts, Configs, NamedUserCollections, and more. The File Service manages Files and Folders.
Using a combination of a resource, allowed actions, and a user or user group, you can define a permission. To do so you will need an IRN.
An IRN is a way of referring to resources at various levels of specificity on Twinit.
Three identifiers, separated by colons, are used to construct an IRN.
[ A Service Identifier ] : [ A Resource Type Identifier ] : [ A Resource Identifier ]
You may also use the * character to denote everything for any level of identifier.
The simplest IRN you can use is
* : * : *
This IRN would denote all resources of all types in every service. Be very careful with this IRN, as you'll be granting someone access to every service and resource in Twinit.
filesvc : * : *
denotes all resources of all resources types in the File Service.
filesvc : file : *
denotes all resources of type 'file' in the File Service.
filesvc : file : 8a972d06-e881-4452-b140-ab5644d743ec
denotes the file with the _id 8a972d06-e881-4452-b140-ab5644d743ec in the File Service.
When creating permissions for users and user groups you will most likely use a combination of all levels of IRN to create the correct level of permissions to resources based on the users' roles.
List of Services and Resource Types#
Here is a sampling of Twinit service identifiers and the resource type identifiers for a few of the Twinit Services. The documentation for each service on twinit.dev provides a complete list of resources.
| Service | Service Identifier | Resource Types |
|---|---|---|
| Passport Service | passportsvc | usergroup, workspace, permission_profile, publish_request |
| Item Service | itemsvc | nameduseritem, telemetryconfig |
| File Service | fileservice | file |
| Object Model API Service | objectmodelsvc | apiconfigdef |
If you are using the IafPermission platform api library a complete list of resources are available on
IafPermission.Resources.