Configure Roles and Permissions On Your Service
When creating entities, you can also specify which roles can perform actions on the entity and any of its fields. These actions are Create, View, Update, Delete, and Search. These permissions will be automatically enforced throughout your service. Users can easily be assigned to multiple roles in your application.
In this introductory guide, you'll assign roles and permissions to some of your newly created entities.
Let's get started.
Step 1: Create Roles
- Click the Roles icon on the main menu (left sidebar) to reach the Roles page. Here you see all the roles in your service.
- On the Overview page, click Go to roles, or from the main menu (left sidebar) click the Roles icon.
Currently, there's only a default User role that was auto-generated when you created the new service.
In this example, we add another two roles: Admin and Manager.
- In the Type role name text box, type "Admin".
- Click Add Role (or just press Enter). The new role is added to the list.
- Repeat these steps to add the "Manager" role.
Step 2: Set Access Permissions
In order to allow users to access the entity, we need to set its permissions. To access your service's permissions:
- On the Overview page, click Go to Entities, or from the main menu (left sidebar) click the Entities icon.
- Click the Project entity.
- In the Project page click the Permissions tab. This opens the Permissions settings.
Permissions can be controlled separately for each of the following actions:
These actions can be set to one of the following:
- Public - no authentication is required, so the action is available to all users, not only those with defined roles
- All Roles - all roles can perform the action
- Granular - only specified roles can perform the action
Step 3: Set Entity Permissions
By default, all of the actions are set as All Roles.
In this example, some of the actions have been changed to Public, while the others remain as All Roles
In the following example, we use the Granular setting to fine-tune the permissions for a role.
- By default, all actions (View, Create, Update, Delete, and Search) are set to All Roles.
- Fine tune permissions by changing the Delete permissions from All Roles to Granular and then select from the displayed roles the Admin role. This ensures that only users with the Admin role can delete projects.
Once you have selected Granular on an action such as Delete, you have to select specific roles, or no one at all can use that action.
Step 4: Set Field Permissions
We will now set permissions at the field level.
- In the Update action, click + Add Field and select the Start Date and ID fields from the drop-down list.
We now select the roles to associate with each selected field.
In this example, for the Update action, apply Admin permissions to the startDate, and apply both Admin and Manager permissions to the id field. To do this, you first need to select Admin and Manager from the roles on this action, so you can apply those roles on the specific fields.
Now you know how to various roles and permissions to the entities and fields for your service.
In the next guide, you'll learn how commit changes to your git provider, compare changes before committing, and build new versions of your service.
You'll also learn more about how Amplication automatically tracks your code and changes in a git repository.