We're excited to share that the Custom Objects API now allows you to set custom object permissions for agents with assigned custom roles.
How does it work?
You can use the Custom Objects Permissions API to designate who can create, read, update, and delete custom objects. This now includes agents with assigned custom roles. To do so, add the custom
property to the permissions policy in your request, specify the id of the custom agent role, and set the permissions for that role.
Rules of functionality
Here are a few rules and notes to keep in mind when using custom permissions with custom objects.
- You must specify the id of a custom agent role in the permissions policy. Use the List Custom Roles endpoint to get the ids from your Support account. Custom role ids are not validated by the Custom Objects API.
- Custom roles can be configured both at the role-based level as well as the relationship-based level of permissions.
- You must add the custom role to the policy before it will be enforced or recognized by custom objects permissions.
- If a custom role id has not been added to a permissions policy, the agent's permissions will default to the generic agent role permissions that have been set.
- The default policy for custom roles is set to all false. For example, if you add a custom role and only change the create permission, the read, update, and delete permissions will all be false by default.
Example request
{ "data": { "rbac": { "agent": { "create": true, "read": true, "update": true, "delete": false }, "end_user": { "read": true }, "custom": { "8237": { "create": false, "read": true, "update": true, "delete": false } } }, "rebac": { "user_to_many_products": { "end_user": { "update": true }, "custom": { "8237": { "read": true, "update": true } } } } } }
0 comments