Skip to main content

 

Managing the Applications Lifecycle

 

OutSystems

Set Up the Permissions in a Team

Using teams you can manage the permissions of several IT users working in the same business team over all the applications they own without having to grant permissions on each application individually.

In this example we want to:

  • Allow developers in Team Baking and Team Intranet to see and work only on the applications of their respective teams.

  • Allow a senior developer of Team Banking to both reference and debug the core applications Customers and Services, but without granting permissions to make changes to those applications. These applications are managed by another team, the Team Core Applications.

To follow the principle of security by default, we will set the IT users with a default role that grants them as little base permissions over applications as possible, and we will define all permissions necessary to perform their work through a team.

To allow the developers to work with their team’s applications, do the following:

  1. Create a new role that has the permission level Access to Environment.

  2. Create IT users for all developers with this new role set as the default role. This defines base permissions that only allow all developers to log in to an environment without granting access to any application.

  3. Create another role that explicitly grants the higher permissions necessary to work on the applications of those teams, such as Change and Deploy Applications.

  4. If the team doesn’t exist yet, create a new team and add all the applications that are managed by the team.

  5. Add the developers to their respective teams with the role that grants them higher permissions.

You will get something like this:

Checking the permissions of the users in a team, you can see that they have Change and Deploy permission over the applications of their team, but No Access over any other application in the environment.

Now, let’s configure a senior developer in the Team Banking to reference and debug the applications of Team Core Applications:

  1. Create a new role called Senior Developer that has the permission level Open and Debug Applications. To reference the applications, the permission level Monitor and Reference Applications would be enough, but as the senior developer also needs to debug the applications, we must grant the above permission level, which also allows users to open and debug modules in applications.

  2. If the Core Applications team doesn’t exist yet, create the team and add the applications Customers and Services to that team.

  3. Add the senior developer to this team with the role Core Developer.

The senior developer of Team Banking can now reference and debug the core applications Customers and Services, but she has no permissions to make changes to those applications.

  • Was this article helpful?