How to Manage Advanced Permission Policies and Items?
The Advanced Permission Policies and Items mechanism in Omnitron is designed to control authorization and manage the visibility or concealment of objects based on the records of selected content types or specified conditions. These policies apply to all users except superusers. When a policy is defined, it is crucial to assign all non-superuser users to a policy; otherwise, the object will remain hidden.
This tutorial provides step-by-step instructions for effectively managing Advanced Permission Policies and Items in Omnitron.
In the sidebar, go to Settings > Advanced Permission Policies to open the Advanced Permission Policies page.
To add a new policy, click the Create Policy button. Complete the form by filling in the following fields:
Name: Specify a name for this policy. The name must be unique.
Users: The selection of users to be assigned to the policy is optional.
FE Permission Groups: This field enables the restriction of users assigned to the relevant FE Permission Group by selecting the FE Permission Group created for non-superuser users.
Language: This optional parameter restricts the actions a user can perform based on their local language in Omnitron, as defined by the policy. By defining the accepted languages in the policy, specifying the content type of the model to which the PolicyItem is linked, and providing the corresponding Policy, user access to POST, PUT, PATCH, and DELETE events can be restricted based on the accept_header values. In summary, users who do not have access to the local language in Omnitron can only perform actions in read-only mode.
Example Body:
Once you have filled in the relevant fields, click the Save button.
In the sidebar, go to Settings > Advanced Permission Items to open the Advanced Permission Items page.
A Policy Item, together with the policy it is linked to, is validated against content type, object IDs, and conditions to provide the necessary authorizations. This enables dynamic authorization. One policy can be associated with multiple policy items. To add a new policy item, click the Create Policy Item button. Complete the form by filling in the following fields:
Policy: Lists the created policies to determine which policy the Policy Item should be associated with.
Content Type: Determines the content type to which the new policy item will be applied. For instance, content types such as product, product stock, product price, product collection item, price list, stock list, product collection, and order can be specified.
Object IDs: Multiple object IDs can be added, based on the selected content type. For instance, if the content type is product, the object_ids field can store multiple values, as in "object_ids": ["<product.pk1>", "<product.pk2>"].
Conditions: Conditions determine how restrictions will be applied for each content type. Conditions can be created based on:
For the product, product stock, product price, and product collection item content types, conditions may be established based on attributes, product type, base code, and SKU.
For the price list and stock list content types, conditions may be established based on name or code.
For the product collection content type, conditions may be established based on name or slug.
For the order content type, conditions can only be established based on segment.
For example, a policy named Limited Access has been created. Omnitron users assigned to the selected Akinon Admin FE Permission Group will only be able to take actions in the Turkish local language and will be restricted according to the conditions associated with this policy and policy item.
A policy item that allows for the display of only products with the brand attribute value 'Akinon' and restricts other products was created and linked to the 'Limited Access' policy.
After the definition, users associated with the policy can only view products that meet the conditions in Omnitron. As shown in the image below, products with the brand attribute value 'akinon' are displayed on the product listing page.
By creating a new policy item with the order content type for the 'Limited Access' policy, users can view orders with a segment value of 'testing' on the order page.
After the definition, users associated with the policy can only view orders that fulfill the conditions, specifically those with a segment value of 'testing', on the Omnitron order page.
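The following sketch models the rules described in this tutorial, using the 'Limited Access' walk-through as sample data. It is an added example, not Omnitron code or its API. The class and function names, the "tr" language code, the rule that all conditions of an item must match, and the denial of writes for unassigned users are assumptions made for illustration.

```python
from dataclasses import dataclass, field

WRITE_METHODS = {"POST", "PUT", "PATCH", "DELETE"}  # events the Language field restricts

@dataclass
class PolicyItem:
    content_type: str
    object_ids: list = field(default_factory=list)
    conditions: dict = field(default_factory=dict)

    def allows(self, content_type, obj):
        if content_type != self.content_type:
            return False
        if obj["pk"] in self.object_ids:
            return True
        # Assumption: an object matches when every listed condition holds.
        return bool(self.conditions) and all(
            obj.get(key) == value for key, value in self.conditions.items())

@dataclass
class Policy:
    name: str
    groups: set      # FE Permission Groups assigned to the policy
    languages: set   # accepted languages; empty = no language restriction (assumption)
    items: list

def policy_for(user, policies):
    return next((p for p in policies if p.groups & user["groups"]), None)

def can_view(user, content_type, obj, policies):
    if user["is_superuser"]:
        return True   # policies do not apply to superusers
    policy = policy_for(user, policies)
    if policy is None:
        return False  # non-superuser without a policy: object stays hidden
    return any(item.allows(content_type, obj) for item in policy.items)

def can_write(user, method, accept_language, policies):
    if user["is_superuser"] or method not in WRITE_METHODS:
        return True
    policy = policy_for(user, policies)
    if policy is None:
        return False  # assumption: no policy means no write access
    return not policy.languages or accept_language in policy.languages

# Constructed sample data mirroring the 'Limited Access' walk-through.
LIMITED = Policy("Limited Access", {"Akinon Admin"}, {"tr"}, [
    PolicyItem("product", conditions={"brand": "Akinon"}),
    PolicyItem("order", conditions={"segment": "testing"}),
])
EDITOR = {"is_superuser": False, "groups": {"Akinon Admin"}}
UNASSIGNED = {"is_superuser": False, "groups": set()}
ROOT = {"is_superuser": True, "groups": set()}
```

Running can_view with UNASSIGNED against any object returns False, which is the lockout this tutorial warns about when a non-superuser is left out of every policy.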