Skip to main content
Answer

Limit Dataset Visibility by Role

  • January 20, 2025
  • 4 replies
  • 42 views
J
Seasoned
Forum|alt.badge.img+3

I am looking for clarity in the YAML requirements for limiting the visibility of Datasets in Cognite to specific roles.

 

Like other datasetScope’d objects I’ve added datasetScope to my group definitions but deployments are failing, indicating the following error which itself is not very descriptive to indicate what the offending issue is:

 

raise CogniteAPIError( │

│ cognite.client.exceptions.CogniteAPIError: Unknown field name: │

│ `datasetScope` at items.capabilities[13].datasetsAcl.scope.? | code: 400 | │

│ X-Request-ID: 26ec6765-06b8-9f77-9d95-ab49409fd950

 

 

In our group definition we’re trying to limit datasets as follows, and it’s failing:

 

 

Adding to difficulty troubleshooting is the pre-build and dry-run deployments of our toolkit CI/CD ran successfully, and it wasn’t until the actual deployment that things broke.

 

 

 

Best answer by Jesse Jenken

We overcame this issue by changing “datasetScope” to “idScope”.

 

Could we request the YAML reference documentation be updated?

This answer came from the Cognite internal Slack and without project resources on-hand we would not have come to this determination from anything accessible to us directly, as it required some trial and error against our build pipelines to nail down without uncertainty.

 

 

Thanks!

 

 

 

 

 

Mithila Jayalath

4 replies

J
Seasoned
Forum|alt.badge.img+3
  • Jesse Jenken
  • Author
  • Seasoned
  • Answer
  • January 21, 2025

We overcame this issue by changing “datasetScope” to “idScope”.

 

Could we request the YAML reference documentation be updated?

This answer came from the Cognite internal Slack and without project resources on-hand we would not have come to this determination from anything accessible to us directly, as it required some trial and error against our build pipelines to nail down without uncertainty.

 

 

Thanks!

 

 

 

 

 

Mithila Jayalath
Anders Albert
Seasoned Practitioner
Forum|alt.badge.img
  • Anders Albert
  • Seasoned Practitioner
  • January 30, 2025

@Jesse Jenken Good to hear that you managed to figure this out. 

Could we request the YAML reference documentation be updated?

Are you referring to this in the documentation? 
 

I am wondering the best way to improve your experience. The above documentation is referring to a threedAcl, which use a ‘datasetScope’, while you are using a datasetsAcl which use ‘idscope’. The YAML files you use with Toolkit are reflecting the API:
 

I will change Toolkit by creating a error message that checks the scopes vs the ACL you are using. In your case, when you try to create a datasetsAcl the only scopes available are the ‘all’ and ‘idscope’ which will then be reflected in the error message.

Thanks you so much for reporting. Let me know if this should be sufficient, or if there are other improvements we should make.

 

J
Seasoned
Forum|alt.badge.img+3
  • Jesse Jenken
  • Author
  • Seasoned
  • January 30, 2025

I am wondering the best way to improve your experience. 

 

Thanks Anders, the toolkit has been extremely helpful and the improvements with v3 have been very welcomed, coming from our initial 0.1.4 install.

 

Where I got hung up and a bit confused is the case sensitivity of the API documentation.

It speaks to one of idscope but the yaml requires idScope with a capital S.  I’m not sure how to have come to that conclusion on my own and whether that represents a deficiency in my Python skills, or if that’s enough of a misnomer on my part to suggest the value of having every YAML property explained for every type of configuration without needing to lean on the API docs.

 

Regardless, lesson learned, and onward we go.  Thanks for being receptive to the feedback!

 

Anders Albert
Seasoned Practitioner
Forum|alt.badge.img
  • Anders Albert
  • Seasoned Practitioner
  • January 31, 2025

The case sensitivity of the idscope/idScope is an unfortunate part of the API that cannot be changed. It is a good point that this is an easy trap, will try to improve the error message to also pick up and tell you if you use the wrong casing.

J
Terms & ConditionsCookie SettingsAccessibility statement