I have a few read-only users that must be able to create short URLs from the Share menu. These users have access to 1 or 2 tenants, but only in read-only mode. When they click on the Short URL button, they get the following message: “Unable to create short URL. Error: Forbidden”
I tried to give them write permissions on the tenants’ index, but it doesn’t work. It only works if I give read-write permissions to the specific tenant(s) from the role. However, I don’t want the users to be able to create or modify anything other than short URLs. Is there a way to achieve that?
I looked at the code surrounding the “short URL” creation and found some information that may be helpful. Currently, the Observability plugin, which controls visualization creation, only has 4 permissions. These permissions are simply get, create, update, and delete. Because these roles are so broad, it is not possible to directly apply a new set of permissions that will filter capabilities as you are requesting. You can implement controls on your end to restrict functionality, but the details of this implementation would require you to intercept and block the REST calls trying to access actions beyond the “create short URL” button you want.
I will file an issue to get some more specific permissions made so we can allow for greater configuration.
Intercepting and blocking REST API calls seems a bit overkill for this. The full links still work but it would be better to use short URLs.
I’ll wait for a software update that includes these new permissions. Meanwhile, I’ll check with my colleagues what is best to do between giving permissions to achieve that or using full URLs until we can set better permissions.
But for sure, your message cleared things up. Thanks a lot.