Permissions

When any CRUD service checks column permissions, it reads the column property permissions_<ACTION>, where <ACTION> is one of the CRUD actions.

When creating your project you can set column permissions at 3 different levels:

  • Project
  • Table
  • Column

At each level you can specify permissions for each CRUD action. The basic format is the same at every level: use the key permissions, list the actions you want to set, and under each action give the allowed roles.

Example:

permissions:
  create: [<ALLOWED_ROLE>, ...]
  read: [<ALLOWED_ROLE>, ...]
  update: [<ALLOWED_ROLE>, ...]
  delete: [<ALLOWED_ROLE>, ...]

Default Roles

By default MakerMike has the following roles.

System Administrator

  • This role is created by default in your project.
  • For any action, if no role is specified, MakerMike will automatically add this role when creating your project.

User

This role is created by default in your project. It is not assigned to any table by default.

Open Permissions

Open permissions are represented by the character -. With open permissions, anyone has access, even without a session.

Rules

  • System Administrator is always added by default to all actions. This also means that if you remove it using the table Table configuration, MakerMike re-adds it automatically. The exception is open permissions: if you set open permissions, you won't see System Administrator in your project configuration, since open permissions already include everyone.
  • Open permissions (-) can only be set in the read action.

Formats

You can write your project permissions in two formats, as a list or as a string. Both work at all 3 permission levels.

List Format

Allows you to set multiple roles.

Example:

permissions:
  create:
    - role1
    - role2
  read:
    - role1
    - role2
    - role3
  update:
    - role1
    - role2
  delete:
    - role1

String Format

Allows you to set just one role.

Example:

permissions:
  create: role1
  read: role3
  update: role2
  delete: role1

Combine Formats

The string and list formats can be used together.

Example:

permissions:
  create: role1
  read:
    - role1
    - role2
    - role3
  update:
    - role1
    - role2
  delete: role1

Levels

Column Level

This level has the highest priority, meaning that it will overwrite table-level and project-level permissions.

Example:

name: my_project
show: my_project.com
time_zone: America/Mexico_City
tables:
  - name: my_table
    columns:
      - name: column1
        permissions:
          create:
            - User
            - System Administrator
          update:
            - System Administrator
      - name: column2
        permissions:
          update: User

Table Level

This level has higher priority than the project level but lower than the column level, so it only overwrites project-level permissions. Use it to configure the permissions of a whole table without writing the permissions in each column.

Example:

name: my_project
show: my_project.com
time_zone: America/Mexico_City
tables:
- name: my_table
columns:
- column1
- name: column2
    permissions:
    create:
    - System Administrator
    - User
    update:
    - System Administrator
    delete: System Administrator

Project Level

This level has the lowest priority of the 3 levels, meaning it is overwritten by the table and column levels if they are set. Use it to configure the permissions for all columns of all tables that don't have any table-level or column-level permissions.

Example:

name: my_project
show: my_project.com
time_zone: America/Mexico_City
permissions:
  update:
    - System Administrator
    - User
  delete: System Administrator
tables:
  - name: my_table
    columns:
      - column1
      - column2

Combine All Column, Table and Project Levels

You can use all 3 different levels at the same time.

Example combining all 3 levels:

name: my_project
show: my_project.com
time_zone: America/Mexico_City
permissions:
create: System Administrator
delete: System Administrator
read:
- System Administrator
- role1
- role2
- role3
tables:
- name: my_table
columns:
- column1
- name: column2
    permissions:
    create:
    - System Administrator
    update:
    - User
    - role3
    delete:
    - System Administrator
    - User
- name: my_other_table
columns:
- name: column1
    permissions:
    update:
    - role2
    - role3
- name: column2
    permissions:
    create:
    - System Administrator
    - User
    delete: System Administrator

It is important to know that only column-level permissions are stored in your project configuration. Table-level and project-level permissions won't appear there, but they are applied to the proper columns.
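
To review which roles end up on each column once the three levels, the two formats and the default-role rules are combined, the rules on this page can be modelled in a short resolver. This is an added example, not MakerMike's own code. It assumes that levels are resolved per action, that table-level permissions sit under a permissions key of the table entry, and that an open permission outside read should be rejected; the function names and the sample configuration are constructed for illustration.

```python
# Added example modelling the rules on this page; not MakerMike's own code.
ACTIONS = ("create", "read", "update", "delete")
ADMIN, OPEN = "System Administrator", "-"

def as_roles(value):
    """Normalize the string format and the list format to a list of roles."""
    if value is None:
        return None
    return [value] if isinstance(value, str) else list(value)

def effective_permissions(project):
    """Return {(table, column): {action: [roles]}} with all 3 levels applied.

    Assumptions: levels are resolved per action, and table-level permissions
    sit under a `permissions` key of the table entry.
    """
    result = {}
    proj = project.get("permissions") or {}
    for table in project.get("tables", []):
        tbl = table.get("permissions") or {}
        for col in table.get("columns", []):
            col = {"name": col} if isinstance(col, str) else col
            levels = (col.get("permissions") or {}, tbl, proj)  # highest first
            resolved = {}
            for action in ACTIONS:
                found = [as_roles(lv.get(action)) for lv in levels]
                roles = next((r for r in found if r is not None), [])
                if OPEN in roles:
                    if action != "read":
                        raise ValueError(f"open permission on {action}")
                    roles = [OPEN]  # open already means everyone
                elif ADMIN not in roles:
                    roles = roles + [ADMIN]  # always added by default
                resolved[action] = roles
            result[(table["name"], col["name"])] = resolved
    return result

def open_columns(project):
    """Columns readable without a session, for review before deployment."""
    perms = effective_permissions(project)
    return sorted(key for key, p in perms.items() if p["read"] == [OPEN])

# Constructed sample configuration, as it would look once parsed from YAML.
SAMPLE = {"permissions": {"read": "-", "update": ["User"]}, "tables": [
    {"name": "my_table", "columns": [
        "column1", {"name": "column2", "permissions": {"read": ["User"]}}]},
    {"name": "my_other_table", "permissions": {"read": "role1"},
     "columns": ["column1"]}]}
```

Running open_columns(SAMPLE) lists only my_table.column1, because the column-level and table-level read settings replace the open project-level read on the other two columns.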
