Skip to main content

Hi.

I would like to set up a time series scoped iam group - that is scoped with read access to specific time series. 

For other resources (e.g. data sets), the scope can be set with reference to the external id. But for time series, it fails unless the internal id is used. Is external-id referencing of time series IDs for timeseriesAcl on the roadmap?

 

capabilities:
- timeSeriesAcl:
actions:
- READ
scope:
idScope:
ids:
- my.external.id


*******



ValueError: invalid literal for int() with base 10: 'my.external.id'

 

@Kristian Nymoen I’ll check on this with the engineering team and get back to you with an update.


Hi Kristian,

Our future direction for the product with regard to this (and other capabilities) is to leverage our data modelling backend.  As you might be aware, we recently announced the availability of Time Series as a native type in our Core Data Model concept.

As we move forward, enhancements to our access controls will be based on this architecture, with approaches such as nested spaces, and attribute based access control both under consideration. Our expected timeline for availability for these enhanced access control methods is currently H2 2025.

In light of this, we are not planning to implement any enhanced forms of access control on the ‘classic’ methods we currently have.

To take advantage of these enhanced access control capabilities will require a migration to the new time series type.

We are active in planning low friction migration pathways for existing CDF customers to be able to take advantage of the new architecture and expect to see updates from us in the future on that part.

I hope that sounds reasonable, and we would be happy to take your feedback.

Kind Regards, Glen


@Kristian Nymoen 

The timeseries scope is case sensetive, so `idScope` should be `idscope`

```yaml
capabilities:

- timeSeriesAcl:

    actions: - READ

 scope: idscope:

    ids:

      - my.external.id
```

 


Thanks both ​@Anders Albert and ​@Glen Sykes.

Then I know the plans in the long run, and the lowercase idscope solved my problem in the short run. (idScope with capital S has worked for me when setting datasetsAcl - but I see that the docs use a lowercase)


Excellent, I’m glad you’re able to proceed in the interim with ​@Anders Albert’s advice, and thanks for your patience!


Reply