Updating Access Permissions of Multiple Users or Groups to Multiple Projects or Project Spaces Programmatically
This example helps you create a pipeline which will, when executed, update the access permissions of multiple users or groups to multiple project spaces.
Download and open the Multiple_Permissions_Updater ZIP file and review its structure to better understand this example.
This task primarily involves updating the "acl" (access control list) values associated with the project space concerned. To do so, you need to:
- List out the various users and groups to whom you want to apply new permissions, along with the projects or project spaces on which these permissions are applicable.
- Read each project's existing permissions information.
- Append the new permissions.
- Update the projects with the new permissions.
You can perform all these tasks by creating:
- A parent pipeline that takes a CSV file containing user email IDs and project permission details as input, and
- A child pipeline that applies the access permissions received from the parent pipeline.
Creating the Parent Pipeline
To create the parent pipeline:
- Add a CSV Generator Snap and add user details and associated project permissions as shown below:
For an example of the CSV data, see the permissions.csv file in the ZIP file you downloaded. - Add a CSV Formatter and a CSV Parser Snap. These Snaps read the CSV data and prepares it for use in the downstream Snap.
- Add a Pipeline Execute Snap and configure it as shown below:
Basically, your configurations trigger a child pipeline called Permission_Updater and pass user and project information from the input CSV file to the child pipeline. - Save the pipeline.
Creating the Child Pipeline
- Create a project
- and add a pipeline
- to the project.
Now that your pipeline is created, you need to specify the variables–and corresponding values–that you plan to use in the pipeline Snaps. In this scenario, you have two variables: the email ID of the user whose permissions you need to modify / create, and the project space to which you want to grant access. To specify these variables: - Click the button on the Pipeline Toolbar to display the Pipeline Properties popup.
- Update the Parameters fieldset of the Pipeline Properties popup as follows:
- Declare a variable that will contain new users' email IDs
- Key: new_user
- Value: <Email ID of the new user>
- Key: project_space_path
- Value: <Path to the project space that you want to update. Structure: /<organization>/<project_space>
The data in the Values fields are actually placeholders, placed there because Value is a mandatory field. The actual user and project data comes in from the parent pipeline.
- Save your changes and close the popup.
You have now configured the new pipeline to take user and permissions input from the parent pipeline. You now add a Snap that will read each project's existing user permissions. To do so:
- Add a SnapLogic Read snap to the pipeline and update it using the following details:
- Asset Type: PROJECT (You do not need to change this value even if you are updating permissions for project spaces.)
- Asset Path: (Click the button before adding the value.) _project_path. This is a reference to the pipeline parameter that we created in Step 3 above.
Save your changes and close the popup.
When this Snap is executed, it retrieves all the data related to each project listed out in the parent pipeline CSV file, including its permission details.
You now need to append new permissions to the project. To do so:
- Add a Mapper Snap to the pipeline and update the following fields:
Expression: Enter the following expression:
This expression contains the new permission values that you want to add under the "acl" key in each project / project space. Depending on the actual permissions you want to assign to the user / group, remove 'R', 'W', or 'X'.
- Target Path: $acl
Save your changes and close the popup.
You can see in the screenshot above that while the Input preview data field lists only one set of permissions, the Output preview data lists two permission sets. The second one is the new permission set added.
You now have all the details needed to update the project properties received from the parent pipeline. To update each project space with the revised permission details:
- Add a SnapLogic Update Snap to the pipeline and update the following fields:
- Asset Type: PROJECT
- Asset Path: (Click the button before adding the value.) _project_path
Save your changes and close the popup.
Once this pipeline is executed, each project located at _project_path will be updated with the revised permissions specified in the Mapper Snap in Step 5 above. You can now flexibly update the properties of any project from the same pipeline by changing any of the following values:
Location | Variable | Description |
---|
Pipeline Parameters | new_user | The email ID whose permissions need to be managed |
---|
project_path | The path of the project to which you want to assign permissions |
Mapper Snap | 'R','W','X' | The permissions you want to grant to the user defined in new_user |
---|