Hi,
I will have multiple clients each with their account and with restricted access to my account so they can upload and schedule assets.
I have not achieved with the acls policies that each user sees only their own devices and not the entire set of devices of my account.
I tried the following example posted on the forum without success:
{
“Statements”: [
{
“Action”: “device:",
“Condition”: {
“StringLike”: {
“device:description”: "Development/”
}
},
“Effect”: “allow”
}
],
“Version”: 1
}
I don’t know what I’m missing, or what I’m not doing right. If you can give me a guide or help it would be greatly appreciated.
The permission system cannot be used for that: It’s for granting permissions, not for controlling visibility. If you share access to your account, users can still list everything (unless you prevent that by denying the list operation) but cannot look into details or make modifications.
Thanks for clearing up my confusion.
Ok, you can’t stop them from seeing all devices, but is it possible to give a user permission to only view details and assign setup to certain devices and deny others?
I have tried that without success, unless it is definitely not possible.
Yes. That’s possible. You can use the following to only grant a user access to (for example) a specified list of devices (1,2,3,4,5 in the example):
{
"Statements": [
{
"Action": [
"device:detail",
"device:update:*"
],
"Condition": {
"NumericEquals": {
"device:id": [1,2,3,4,5]
}
},
"Effect": "allow"
}
],
"Version": 1
}
Thank you very much, that really helped 