Set Permissions
Grants View, Modify, or Full permissions to specified users (or to groups of users) for a policy.
Be aware that the permission settings you specify in the action will either replace or be merged with the object's existing settings, depending on how you set the Remove Existing Permission parameter.
If you set Remove Existing Permission to true, the permission settings specified in the action completesly replace the object's current settings. That is, the action will clear the object's existing permission settings and replace them with the permissions you specify.
For example if a policy's initial permission settings were as follows:
USER A Full
USER B Full
GROUP ABC Full
And you were to specify the following permissions with Remove Existing Permission set to true:
USER A Full
GROUP X Modify
The resulting permissions on the asset would be:
USER A Full
GROUP X Modify
If you set Remove Existing Permission to false, the permission settings specified in the action are added to the object's current settings. That is, the action will merge the new permission settings with the object's existing settings. For example, if an asset had the following permission settings:
USER A Full
USER B View
GROUP ABC View
And you were to specify the following permissions with Remove Existing Permission set to false:
USER A Modify
USER B Full
GROUP X Modify
The resulting permissions on the asset is:
USER A Full
USER B Full
GROUP X Modify
GROUP ABC View
Note:
The instance-level permissions that this action assigns to a user does not affect any role-based permissions that the user might already have. For example, if user ABC has Manage Policies permission for an organization and that user also happens to be a member of a group to which this action assigns instance-level permissions, user ABC's Manage Policies permission will override the permission settings that this action assigns to him or her.
Event Scope
Post-Create
Pre-State Change
Post-State Change
OnTrigger
Object Scope
Policy
Assets
Input Parameters
User/Group Permission | (Object). (Array). An array of permission settings. Each setting in the array identifies one individual user or one group and specifies the permissions for that user or group. If you specify multiple groups in this array and a user is a member of more than one group, the user will receive the permissions of all those groups combined. For example, if you assign Modify permission to Group A and Full permissions to Group B, users that are members of both groups will get Full permissions on the object. |
Remove existing permission | (Boolean). Specifies whether the permission settings in the Users and Groups parameter replace the existing permission settings or whether they are combined with the existing settings. |
Propagate permissions to dependent objects | (Boolean). Specifies whether the access permissions defined for the asset instance is automatically propagated to all dependent objects. For example, a Service asset can refer to a WSDL which in turn can refer to one or more XML Schema assets, and when you set this parameter to yes, changes in the access permissions in the Service asset is propagated to all of these dependent assets. |