Skip to main content

Home

Assign role permissions

The following permissions are used in RBAC: - View Filters (restricting UI) and Data Filters (restricting Data).

Substitute tokens

Substitute tokens are unique keywords that can be used as a part of property values in App Data Fields and Elasticsearch Query data filters. These tokens get resolved to the username, groups, and tags of a logged-in user.

You can pass a specific field or a query string when you set the data filter for app data access. The following substitute tokens can be used when you set the data filters.

  • $user: The field/query gets resolved to the logged-in user’s username.

    Example:

    ./manager config properties set com.unraveldata.rbac.role.dev.data.field.userName '$user'
  • $groups: The field/query gets resolved to the logged-in user’s groups.

    Example:

    ./manager config properties set com.unraveldata.rbac.role.dev.data.field.queue '$groups'
  • $tags.<tag_key>: The field/query gets resolved to the logged-in user’s <tag_key> tag value. For information about tags, see User Tags.

    Example:

    ./manager config properties set com.unraveldata.rbac.role.dev.data.es.query '{ terms: { kind: “$tags.kind_tag” } }'