Permissions

The permissions resource describes what a key, and therefore its users, can access. For example, a key might be configured to have the source_type:icloud.account scope, which allows its users to create sessions against iCloud accounts.

Every permission is constrained by what the base permissions of the organisation are. It is not possible to create permissions which are beyond what the organisation has access to.

Attributes

| name | type | description |
| --- | --- | --- |
| id | permission ID | Resource identifier. |
| resource | string, always permission | Resource type specifier. |
| organisation | organisation ID | The organisation these permissions are associated with. |
| scopes | dictionary | The scope to which the permission applies. |

Scopes

The scopes attribute defines what the permissions grant access to. Scopes look like source_type:icloud.account, which would grant permission to create iCloud account sources.

Each scope can have associated limits. These act as restrictions on the permissions granted by the scope. For example, the source_type:icloud.account scope might have a limit:

{
  "level": "user",
  "type": "count",
  "value": 3
}

This would restrict the number of iCloud account sources a user can create to a maximum of three.

The format of the scopes attribute, given the example above, would be:

{
  "source_type:icloud.account": [
    {
      "level": "user",
      "type": "count",
      "value": 3
    }
  ]
}

Scopes can also include simple wildcards, like task_type:icloud.*, which gives permission to use any tasks related to the iCloud service.

Scope types

  • source_type gives access to specific source types.
  • task_type gives access to specific task types.
  • data_type gives access to specific data types.
  • file_type gives access to specific file types.

Limits

| name | type | description |
| --- | --- | --- |
| level | string | One of: organisation, key, or user. |
| type | dictionary | The scope to which the permission applies. |

A limit can act at one of three different levels: organisation, key, or user. This determines how broadly the limit is applied. For example, a scope may have a limit which restricts the organisation to only 10 iCloud accounts (an organisation level limit) and another limit that restricts each user within that organisation to just 2 iCloud accounts each (a user level limit).

There are three types of limits: count, interval, and inflight. The count type is absolute (i.e. the total count of iCloud accounts ever accessed), while interval takes the count over a period of time (e.g. 1 iCloud account per month), and inflight is a concurrency limit (e.g. can only poll 1 iCloud account at a time).
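
The following is an added example, not code from this API or its vendor: a local check of a scopes dictionary that flags key scopes exceeding the organisation's base permissions and evaluates count limits at each level. It assumes a trailing * matches any suffix and that an empty limit list means no limits; the function names, the usage counters and the data_type:example.placeholder scope are hypothetical.

```python
# Added example: evaluate a scopes dictionary locally. Sample data is constructed.
# Assumptions: a trailing "*" matches any suffix; [] means "no limits".

def covers(pattern, scope):
    """True if `pattern` grants `scope` (exact match or trailing-* wildcard)."""
    if pattern.endswith("*"):
        return scope.startswith(pattern[:-1])
    return pattern == scope

def exceeds_organisation(key_scopes, org_scopes):
    """Key scopes not covered by any organisation scope (should be empty)."""
    return sorted(s for s in key_scopes
                  if not any(covers(p, s) for p in org_scopes))

def limits_for(scopes, scope):
    """All limits on patterns covering `scope`; None if nothing grants it."""
    hits = [limits for pattern, limits in scopes.items() if covers(pattern, scope)]
    return None if not hits else [lim for limits in hits for lim in limits]

def may_create(key_scopes, org_scopes, scope, usage):
    """Decide whether one more resource may be created under `scope`.

    usage: current totals per level, e.g. {"organisation": 9, "user": 2}.
    Only "count" limits are evaluated; interval and inflight limits need
    time and concurrency state, which is not modelled here.
    """
    key_limits = limits_for(key_scopes, scope)
    org_limits = limits_for(org_scopes, scope)
    if key_limits is None or org_limits is None:
        return (False, "scope not granted")
    for lim in org_limits + key_limits:
        if lim["type"] == "count" and usage.get(lim["level"], 0) >= lim["value"]:
            return (False, f"{lim['level']} count limit of {lim['value']} reached")
    return (True, "ok")

ORG = {  # constructed: organisation base permissions
    "source_type:icloud.account": [{"level": "organisation", "type": "count", "value": 10}],
    "task_type:icloud.*": [],
}
KEY = {  # constructed: permissions proposed for a key
    "source_type:icloud.account": [{"level": "user", "type": "count", "value": 2}],
    "task_type:icloud.*": [],
    "data_type:example.placeholder": [],  # hypothetical scope, absent from ORG
}

if __name__ == "__main__":
    print(exceeds_organisation(KEY, ORG))
    print(may_create(KEY, ORG, "source_type:icloud.account", {"organisation": 4, "user": 2}))
```

Running the same check before a key is issued and again at request time keeps an over-broad wildcard from silently granting more than the organisation holds.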

© 2008 - 2024 Reincubate Ltd. All rights reserved. Registered in England and Wales #5189175, VAT GB151788978. Reincubate® and Camo® are registered trademarks. Privacy policy & terms.