Version: v4.6

Permission profile use case

During the project setup, a permission profile is created for the datasource orchestrator. This gives the orchestrator its own permission set so that it can interface with secure services, spaces, and data that the user does not have permissions for.

For example, if the user does not have write permissions for a particular telemetry collection, the orchestrator that the user runs can still perform its programmed write task on that telemetry collection, because it acts under its own permission profile.

Permission profile example

During project setup, a permission profile is created to give the datasource orchestrator write permissions to a designated telemetry collection.

Code reference

To find this code, open the createCollections.js file in the ReferenceApp folder and locate the createPermissionProfile function.

This function contains the permission profile definition and the API call that posts the definition to the Passport Service.

First, the function creates the variable permissions and assigns it the permission profile definition:

...
  let permissions = [
    {
      _name: "viewer_orch_perms1",
      _userType: "viewer_orch_perms",
      _namespaces: [
        project._namespaces[0]
      ],
      _permissions: [
        {
          _actions: [
            "READ",
            "SHARE"
          ],
          _namespace: project._namespaces[0],
          _resourceDesc: {
            _irn: irnValue,
          }
        },
        {
          _actions: [
            "READ",
            "SHARE",
            "DELETE"
          ],
          _namespace: project._namespaces[0],
          _resourceDesc: {
            _irn: "itemsvc:nameduseritem:*",
          }
        }
      ]
    }
  ]
...

Next, the createPermissionProfiles API method posts the permission profile to the Passport Service:

  ...
  let result = await PlatformApi.IafPassSvc.createPermissionProfiles(permissions, ctx);
  ...

This is the complete createPermissionProfile function:

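// project, ctx, and PlatformApi come from the enclosing scope.
const createPermissionProfile = async () => {
  // Build the workspace IRN from the project ID.
  const workspaceId = project._id;
  const irnValue = 'passportsvc:workspace:' + workspaceId;

  // Permission profile definition for the orchestrator.
  let permissions = [
    {
      _name: "viewer_orch_perms1",
      _userType: "viewer_orch_perms",
      _namespaces: [
        project._namespaces[0]
      ],
      _permissions: [
        {
          // Actions granted on the project workspace.
          _actions: [
            "READ",
            "SHARE"
          ],
          _namespace: project._namespaces[0],
          _resourceDesc: {
            _irn: irnValue,
          }
        },
        {
          // Actions granted on the itemsvc:nameduseritem:* resource.
          _actions: [
            "READ",
            "SHARE",
            "DELETE"
          ],
          _namespace: project._namespaces[0],
          _resourceDesc: {
            _irn: "itemsvc:nameduseritem:*",
          }
        }
      ]
    }
  ]

  // Post the permission profile definition to the Passport Service.
  let result = await PlatformApi.IafPassSvc.createPermissionProfiles(permissions, ctx);
}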
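
Because a permission profile lets the orchestrator act beyond the user's own permissions, its definition is worth checking before it is posted. The following is an added example, not part of the ReferenceApp or the platform API: a hypothetical auditPermissionProfiles helper that inspects only the fields shown above. It assumes that `*` in an `_irn` is a wildcard and treats DELETE as the action to scrutinise; the project values are constructed placeholders.

```javascript
// Added example: pre-flight review of a permission profile definition.
// Assumptions: "*" in an _irn is a wildcard; DELETE is the action to scrutinise.
function auditPermissionProfiles(profiles, destructive = ["DELETE"]) {
  const findings = [];
  for (const profile of profiles) {
    const declared = new Set(profile._namespaces || []);
    (profile._permissions || []).forEach((perm, i) => {
      const where = `${profile._name}[${i}]`;
      const irn = perm._resourceDesc && perm._resourceDesc._irn;
      // A permission without a resource IRN cannot be reviewed for scope.
      if (typeof irn !== "string" || irn.length === 0) {
        findings.push({ where, issue: "missing-irn" });
        return;
      }
      // Each permission should stay inside the namespaces the profile declares.
      if (!declared.has(perm._namespace)) {
        findings.push({ where, issue: "namespace-not-declared" });
      }
      // Flag destructive actions granted on a wildcard resource.
      const risky = (perm._actions || []).filter((a) => destructive.includes(a));
      if (irn.includes("*") && risky.length > 0) {
        findings.push({ where, issue: "wildcard-with-destructive-action", irn, actions: risky });
      }
    });
  }
  return findings;
}

// Constructed sample mirroring the definition above (placeholder project values).
const sampleProject = { _id: "example-workspace-id", _namespaces: ["example_namespace"] };
const sampleProfiles = [{
  _name: "viewer_orch_perms1",
  _userType: "viewer_orch_perms",
  _namespaces: [sampleProject._namespaces[0]],
  _permissions: [
    { _actions: ["READ", "SHARE"], _namespace: sampleProject._namespaces[0],
      _resourceDesc: { _irn: "passportsvc:workspace:" + sampleProject._id } },
    { _actions: ["READ", "SHARE", "DELETE"], _namespace: sampleProject._namespaces[0],
      _resourceDesc: { _irn: "itemsvc:nameduseritem:*" } },
  ],
}];

function auditSample() { return auditPermissionProfiles(sampleProfiles); }
console.log(JSON.stringify(auditSample(), null, 2));
```

A finding is a prompt to confirm that the grant is intended, for example by narrowing the IRN or dropping the action if the orchestrator's task does not need it.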