Setting up a permission structure
AccessOwl offers three different ways to map out an application permission structure:- 1. Standard Permissions
- 2. Resources and Permissions
- 3. Multi-level Resources
One set of permissions per application
This is the simplest form where the application has a set of permissions. You can specify whether only one permission can be selected or multiple can be selected.
Mandatory Resources
Some applications require users to have a base-level access before they can request additional permissions. For example, a user might need a Salesforce “Profile” before they can request specific licenses, or a 1Password “Account” before they can access individual vaults. You can mark root-level resources as mandatory to enforce this dependency. When a resource is marked mandatory:- Users must either already have access to the mandatory resource, or include it in their request
- If a user tries to request other permissions without the mandatory resource, they’ll see a validation error listing the required permissions
- Approved requests will wait in a “Pending dependency” status until all mandatory resources are provisioned
How to Configure
In the Permissions editor, toggle the asterisk icon next to a root-level resource to mark it as mandatory. The fieldset gets a red left border so that mandatory resources are easy to spot, and the filled/slashed asterisk shows whether the resource is required or optional.Only root-level, requestable resources can be marked as mandatory. Nested resources cannot be set as mandatory.