beda-software/fhir-sdc

Permissions inherit for internal requests

ir4y opened this issue · 2 comments

ir4y commented

Now the app client is used for all internal requests, including sourceQuery requests during $populate and mapping $apply during $extract.

Instead, all these operations should be executed on behalf of the Aidbox user who requested the $populate and/or $extract operation.

Let's do it gradually: all current questionnaires with mappings continue to work with superuser access.

For new questionnaires, add a flag, something like 'use not super user access'. If this flag is set to True in the particular Questionnaire, all queries (populate, source queries, and mapping) must be executed on behalf of the user, not the superuser.

BACKWARD INCOMPATIBLE NOTICE

The Questionnaire.runOnBehalfOfRoot flag is added for a granular upgrade. For all existing questionnaires, set this attr to true if you don't wish to upgrade now.
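
The behaviour requested in this issue, as an added sketch that is not code from fhir-sdc: internal source queries run with the requesting user's identity unless the Questionnaire carries `runOnBehalfOfRoot: true`. The `Client` class, the in-memory store, the access rule and the simplified `sourceQueries` list are assumptions made for the illustration, as is treating a missing flag as "run as the user", which is inferred from the notice above.

```python
# Added illustration. All names are hypothetical except runOnBehalfOfRoot.
class AccessDenied(Exception):
    pass

# Constructed sample data.
STORE = {"Observation": [
    {"subject": "Patient/alice", "value": 120},
    {"subject": "Patient/bob", "value": 95},
]}

class Client:
    """Stand-in for an HTTP client bound to one identity."""
    def __init__(self, identity, is_root=False):
        self.identity = identity
        self.is_root = is_root

    def search(self, resource_type, subject):
        # Stand-in access policy: root bypasses it; a user reads only
        # records about themselves.
        if not self.is_root and subject != self.identity:
            raise AccessDenied(f"{self.identity} may not read {subject}")
        return [r for r in STORE[resource_type] if r["subject"] == subject]

def client_for(questionnaire, user_client, root_client):
    """Pick the identity used for internal requests."""
    # Only an explicit True keeps the legacy superuser behaviour
    # (assumption: a missing flag means "run as the requesting user").
    if questionnaire.get("runOnBehalfOfRoot") is True:
        return root_client
    return user_client

def populate(questionnaire, subject, user_client, root_client):
    """Run each source query and collect the values it returns."""
    client = client_for(questionnaire, user_client, root_client)
    values = []
    for resource_type in questionnaire["sourceQueries"]:
        values += [r["value"] for r in client.search(resource_type, subject)]
    return values
```

With the flag set, a request made by one user still returns another user's records because the superuser client performs the query; without it, the access policy decides.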