Let the creator of a Queue/Asset/etc have edit rights on it

If a user is given the Create Permissions on Orchestrator Assets, can they please also be given (at least optionally) the ability to Edit those Assets they were created by them?

If you’re given Create Permissions, you can make as many as you want, but you can’t Edit/Delete any. If you’re given Edit, you can Edit/Delete ANY items the role applies to.

@Ovidiu_Constantin is thinking to refactor the roles and permissions so that we’ll have only two: read(view) and write (includes create, edit, delete).

What do you say? Is there a use case where you would like to give edit but not create?

i think having edit and create as separate permissions is really needed, BUT, as you give create permissions the edit should come by default as well…

1 Like

Like @bcorrea stated, the two permissions should definitely be independent of one another.

Suppose we’re talking about Assets:
Edit should give an all encompassing permission to edit any Asset (for admin, super user, etc)
Create should let you create any number of Assets. However, if you Create something, you should be considered the “Owner” of it and could then also edit it.

In some processes the “Process Owner” on the Business side is responsible for the tools/accounts/etc we use (often times when using 3rd party web apps, etc) and therefore it would be ideal if they could update for example the Password for the account used (many are only usable for 6 months before the password needs to be reset) rather than having to get an admin user or something to jump through hoops to communicate with that process owner to update those credentials.

The idea of “Ownership” of created objects would of course require us to be able to “Pass Ownership” as well. In the event that a user is no longer going to be responsible for a process, etc, they should be able to assign it to another user.

Bonus points would be if we got the following functionality as well:

  1. Allowing the Owner to also assign edit rights to specific users that have access to the tenant on the object
  2. Let us setup a default Ownership Passing in the server config in the event that a user gets deleted without passing off the ownership of their objects. (Or don’t let a user be deleted without passing ownership and let admin’s override ownership assignments)

Thank you for your suggestion. I added it to our internal ideas tracker for our team to consider.