I have an app where users of different roles want to share their dashboards and reports with each other. However if I allow them to, they would be able to share their objects with everyone or all users.
Is there a way to only limit them the option to share it just to their own role?
Alternatively I was thinking of using a custom command that has admin credentials to change the permissions but that would require hardcoding admin creds in the command. Is there a better way to store the admin credentials? I know I can't encrypt the passwords in storage/passwords because then I would need to allow the user to have that capability.
@klim - I don't see if there is any direct way to do it. But I can suggest one programmatic way to do it.
I hope this helps!!! Upvote if it does!!!
That was what I was thinking. The only thing is that users decide when to share an object so the user would need to initiate the custom command.
The only concern I have is putting the credentials in the command. However I could just make a role that only has admin_all_objects capability, turn on token authentication, and don't allow the role any access to any indexes to add some extra layers of restrictions in case the users could obtain the credentials somehow.
Is there a way that I can limit what API commands a role runs?
@klim - if you are running the custom command (savedsearch) on a scheduled based, then the Permission the custom command will have is same as permission for the user that scheduled the savedsearch.
I hope this helps!!!