Episode ID roles
If activated, users with a role like ROLE_EPISODE_<ID>_<ACTION> will have access to the episode with the given identifier, without this having to be explicitly stated in the ACL attached to the episode.
For example, ROLE_EPISODE_872dc4ec-ca8a-4e12-8dac-ce99784d6d29_READ will allow the user to get read access to episode 872dc4ec-ca8a-4e12-8dac-ce99784d6d29.
The <ACTION> will be capitalized, but special characters may not be converted to _, e.g. ANNOTATE-ADMIN.
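Because these grants never appear in an episode's ACL, an access review has to derive them from the role names themselves. The following audit helper is an added example, not Opencast code: it lists which episodes and actions each user's roles grant implicitly. It assumes episode identifiers are UUIDs, as in the example above; the function names and the sample data are constructed for illustration.

```python
import re
from collections import defaultdict

# Assumption: episode identifiers are UUIDs, as in the page's example.
# Opencast's own matching logic is not shown on the page and may differ.
UUID = r"[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}"
# Anchoring on the UUID keeps actions such as ANNOTATE-ADMIN (hyphen kept) intact.
EPISODE_ROLE = re.compile(rf"^ROLE_EPISODE_({UUID})_(.+)$")


def parse_episode_role(role):
    """Return (episode_id, action), or None if the role is not an episode ID role."""
    match = EPISODE_ROLE.match(role)
    return match.groups() if match else None


def implicit_grants(user_roles):
    """Map user -> {episode_id: sorted actions} granted outside the episode ACL."""
    report = {}
    for user, roles in user_roles.items():
        grants = defaultdict(set)
        for role in roles:
            parsed = parse_episode_role(role)
            if parsed:
                episode_id, action = parsed
                grants[episode_id].add(action)
        if grants:
            report[user] = {ep: sorted(acts) for ep, acts in grants.items()}
    return report


# Constructed sample data (not from a real system).
EPISODE = "872dc4ec-ca8a-4e12-8dac-ce99784d6d29"
SAMPLE = {
    "alice": [
        "ROLE_USER",
        f"ROLE_EPISODE_{EPISODE}_READ",
        f"ROLE_EPISODE_{EPISODE}_ANNOTATE-ADMIN",
    ],
    # Does not match the UUID assumption, so it is not reported as a grant.
    "bob": ["ROLE_USER", "ROLE_EPISODE_not-a-uuid_READ"],
}

if __name__ == "__main__":
    for user, grants in implicit_grants(SAMPLE).items():
        for episode, actions in grants.items():
            print(f"{user}: {episode} -> {', '.join(actions)}")
```
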
Setup
Enable episode.id.role.access in etc/custom.properties.
To make this work for the Admin UI and External API, the Elasticsearch Index needs to be updated with modified ACLs. You can achieve this by calling the /index/rebuild/AssetManager/ACL endpoint after enabling this feature in the aforementioned configuration files. The endpoint will reindex only event ACLs.
In case you have custom actions configured, this will only work for the actions that were configured during the reindex of the Elasticsearch index. If you later add custom actions, you will have to reindex again.