Corteza Project
Replies: 2 comments 1 reply
-
|
Setting up permissions in Corteza can feel a bit tricky, especially since the official documentation hasn’t been updated recently. Here’s a simple, step-by-step approach to help you limit "authenticated" users so they can only view your utility meter app without accidentally giving them too much access.
Make sure the users you’re trying to manage are in the "authenticated" role or group. Every logged-in user automatically gets this role, so you don’t need to manually assign it.
In the Corteza Admin Panel:
Now, prevent these users from wandering into other parts of Corteza:
After setting the permissions, log in with a test user account in the "authenticated" role to confirm that they only see the utility meter data—and nothing more. If they’re still blocked or have too much access, double-check the specific permissions in your app module or namespace.
Corteza follows a strict rule flow: if there’s any explicit deny, it overrides everything else. So it’s important to carefully review where and how you allow access to your app, making sure there’s no hidden deny rule that blocks the view. This approach should let you balance access correctly without making the users admins by accident or locking them out of the system entirely. You can always refer to the latest discussions on Corteza's forums and documentation. |
Beta Was this translation helpful? Give feedback.
-
|
First of all Permissions > Namespaces doesn't exist in 2023.9 admin panel, I don't know which version youre using. In admin panel under System > Applications I changed the permissions for the Namespaces and utility meter apps. Then in system permissions everything except "Read any client" and "Authorize any client" is disabled for the group authenticated. When I deactivate these options, it's impossible to use any application. There are no permission options for namespaces, modules or global ressources in the system settings... Still if I log in as the test user with just the authenticated group and put /admin at the end of the url, I end up in the admin panel... "Corteza follows a strict rule flow: if there’s any explicit deny, it overrides everything else." this is definetely not the case. If you create a user that has two groups, go into system permissions and put the two groups plus the evaluated permissions in the table you see that as long as one of the options is green, the user permissions are green. I have strong feeling you used AI to create this message. I already tried perplexity AI and chatGPT so please restrain from generating an answer. |
Beta Was this translation helpful? Give feedback.
-
|
Yeah just wanted to help nothing else |
Beta Was this translation helpful? Give feedback.
-
I'm trying to make a simple Corteza app that allows users to see their utility meter data and I'm struggling with permissions. I'm hosting Corteza 2023.9 as a docker container.
I want a user in group "authenticated" to only be able to read data from this one application only. How do I do it?
I spend some time trying to do it with the Corteza documentation, sadly it has not been updated since 2021.3 ([https://docs.cortezaproject.org/corteza-docs/2021.3/administrator-guide/permissions.html](Corteza Docs).
I use my super admin user to access the admin panel and in there through trying out different Permission setting pages, I managed to either make another super user with all permissions or to lock the user out of Corteza auth client completely. I'm unable to find a comprehensible guide how to work with permissions. I would be very thankful for any help, pointers or resources.
Beta Was this translation helpful? Give feedback.
All reactions