Groups & Roles in Scoped App

kshaw · ‎12-20-2018

Developing a scoped app.

Creating roles within that SA. But Groups (to add to a role) seem to be created in the Global instance.

Therefore a group created for a scoped app role, is manageable from the global environment by anyone who can edit groups.

I want to limit access to scoped roles to groups created and managed within the scope.

How is that done?

bernyalvarado · ‎12-20-2018

Hi, groups is what we considered data, and not definition of an application. Having said that, the groups will not be stored within an update set (sys_update_xml), but rather live as data within the instance.

If you still want to have groups within your scoped app and restrict the access to those to only the scoped roles you created then you could try creating an ACL which enforces such restriction. I believe that will imply a little bit of hardcoding to imply to which groups the ACL should apply to.

Thanks,

Berny