SharedGroupData Policy

Question

question

Denzie Gray asked Jan 22, '21

SharedGroupData Policy

Is it possible to disable read/write permissions via the policy api?

I am currently using sharedgroupdata and I saw that an old thread suggested not adding members to the group but have things changed?

apis

10 |1200

Attachments: Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Answer 1 · 2021-01-22T09:51:33Z

Seth Du answered Jan 22, '21

API access policy can only “Allow” or “Deny” the API calls. I will suggest you to deny the Client API UpdateSharedGroupData and migrate the update processes to Cloud Script/Azure Function, where necessary verifications can be done before the data is updated.

15

10 |1200

Attachments: Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Denzie Gray commented · Jan 22, 2021 at 12:07 PM

And this is possible for the other API calls? I would like to prevent the user from deleting or creating groupshared data or adding members.

May I see an example of a policy that denies only the client from UpdateSharedGroupData but allows the server/admin?

Thanks for your response.

0 ·

Seth Du ♦ Denzie Gray commented · Jan 25, 2021 at 06:55 AM

You may call UpdatePolicy API with the following request:

{
  "PolicyName": "ApiPolicy",
  "Statements": [
    {
      "Resource": "pfrn:api--/Client/UpdateSharedGroupData",
      "Action": "*",
      "Effect": "Deny",
      "Principal": "*",
      "Comment": "This statement deny client UpdateSharedGroupData"
    }
  ],
  "OverwritePolicy": false
}

0 ·

Denzie Gray Seth Du ♦ commented · Jan 25, 2021 at 01:04 PM

Thank you so much!

My last question, is it possible to directly edit the policy in the dashboard? Or via a cloudscript execution?

0 ·

Show more comments

question