Solved

Calling existing Cognite Functions requires the functionsAcl:WRITE capability

  • 22 March 2023
  • 2 replies
  • 93 views

I noticed that calling a pre-existing Cognite Function requires the functionsAcl:WRITE capability. Essentially this means that I cannot make a function available to users/dashboards/applications without simultaneously giving them permission to delete functions. What is the reccommended pattern for ACL when making Cognite Functions that are to be called by others?

https://docs.cognite.com/api/v1/#tag/Function-calls

icon

Best answer by Ivar Stangeby 22 March 2023, 17:02

View original

2 replies

Hello Peder!

Currently, we do not support the granularity you are requiring in our ACLs as we only have read/write ACLs. 

Adding a `functionsAcl:CALL` should be sufficient to let you differentiate between users allowing to create/delete functions, and simply calling them. I will add this as a feature-request. 

/ Ivar 

@Ivar Stangeby are there any updates to this feature request? It is blocking us from being able to provide call access to users who should not be able to delete our functions.

Reply