Restricting Operations
In this use case, we want all users to have access to a given workspace, but we want to prevent users with the INTERN
role from modifying or deleting the workspace, or the scenarios it contains. Furthermore, we want that only users with role MANAGER
be allowed to create a scenario in this workspace.
This can be implemented by adding the following permission rules to the ruleset attached to the workspace:
role(INTERN), MODIFY, WORKSPACE, false role(INTERN), MODIFY, SCENARIO, false role(INTERN), DELETE, WORKSPACE, false role(INTERN), DELETE, SCENARIO, false EVERYBODY, CREATE, SCENARIO, false role(MANAGER), CREATE, SCENARIO, true