Manage user permissions across projects
Overview
This example demonstrates how to create a SnapLogic pipeline to programmatically update access permissions for multiple users or groups across various project spaces. By following the steps in this example, you can set up both a parent and child pipeline to streamline permission updates.
To begin, download and open the Multiple_Permissions_Updater ZIP file to review its structure and better understand the components of this example.
Create parent pipeline
The parent pipeline initializes and manages permission updates for users or groups across specified projects. Follow these steps to create it:
- Add a CSV Generator Snap and include user details along with project permissions in a CSV file format.
This file serves as input data containing user email IDs and their associated project permissions.
- Configure a CSV Formatter Snap and CSV Parser Snap to read and format the CSV data, preparing it for use in downstream Snaps.
- Add a Pipeline Execute Snap and configure it to trigger the child pipeline, named "Permission_Updater," passing the user and project data to the child pipeline.
- Save the parent pipeline.
Create child pipeline
The child pipeline receives data from the parent pipeline and performs the necessary steps to read, append, and update user permissions. Follow these steps to create the child pipeline:
- Create a Project and add a new pipeline to it.
- Specify pipeline variables:
-
new_user
: The email ID of the user whose permissions you need to modify/create.project_space_path
: Path to the project space for which permissions will be updated (e.g., /<organization>/<project_space>).
- Click the pipeline toolbar button to open the Pipeline Properties popup, and update the parameters.
- Save the child pipeline to apply changes.
Configure pipeline parameters
To configure the parameters required for the child pipeline:
- Open the Pipeline Properties window.
- Declare the variables for new user email IDs and project spaces:
- Key:
new_user
- Value: <Email ID of the new user>
- Key:
project_space_path
- Value: <Path to the project space>
The values here are placeholders; the actual data will come from the parent pipeline.
- Key:
- Save the pipeline settings.
Read existing permissions
Configure the child pipeline to read current permissions from each project:
- Add the Read Snap to retrieve existing permissions.
- Asset Type: PROJECT
- Asset Path: Reference the pipeline parameter
_project_path
.
- Save and close the configuration.
Append new permissions
Append new permissions for each user to the project’s existing access control list:
- Add a Mapper Snap to modify permissions.
- Set the expression:
[].concat($acl, [{"perms":["R","W","X"],"subject_type":"USER","inherit":true,"subject":_new_user}])
Adjust permissions as needed by including or excluding values like 'R', 'W', or 'X'.
- Set Target Path to
$acl
and save.
Update project permissions
To finalize permissions updates in the project space:
- Add an Update Snap to apply new permissions.
- Asset Type: PROJECT
- Asset Path: Reference the
_project_path
parameter.
- Save and close the pipeline.