Access Policies

  • Published on Apr 16, 2025
  • 1 minute(s) read
Prev Next

Access policies allow you to restrict or grant access to certain components of Application Workspace.
There are two types of access policies:

  • Role - you can grant predefined privileges to it.
  • Script - allows for greater control but requires scripting.

Access policies can be assigned per user, user collection, group and context.
For more dynamic customization, access policies can be defined on different levels; while the inheritance flows top-down, a local override has priority. This means for example that an access policy assigned at the group level can be overridden by one defined at the context level.

Overview screen

Displays the same information as in the Create access policy dialog box you used when you created the current access policy.

Note that the type of an access policy cannot be changed once created

Privileges screen

It shows a list of privileges that are available in Application Workspace. By enabling entries in the list, you enable these privileges for the current access policy. For example, if you enable “Create Access Policy” for a specific access policy, the user associated with that access policy will be able to create access policies.

The Privileges screen is available only for the Role type access policy.

Script screen

Here you can create your scripts to regulate access to Application Workspace components. This option facilitates the creation of more complex access policies, that can’t be solved with the editor.

Below you will find a sample script that grants access to the connector functionality and API.

(
	isof(resource, '#recastsoftware.Server.BLL.Zone')
	and
	(
		(action eq 'access_connector')
		or
		(action eq 'access_api')
	)
)

The Script screen is available only for the Script type access policy.

Usage screen

This screen is for information purpose only and it displays the entities associated with the current access policy.
An access policy can be assigned to a user, group or context in Manage > System > Permissions or within the identity's detailed view in the Access policy screen.
For a user collection it can be assigned only in Manage > System > Permissions.