Answer

Calling existing Cognite Functions requires the functionsAcl:WRITE capability

Forum|Forum|2 years ago
March 22, 2023
2 replies
119 views

Peder Aursand
Active

I noticed that calling a pre-existing Cognite Function requires the functionsAcl:WRITE capability. Essentially this means that I cannot make a function available to users/dashboards/applications without simultaneously giving them permission to delete functions. What is the reccommended pattern for ACL when making Cognite Functions that are to be called by others?

https://docs.cognite.com/api/v1/#tag/Function-calls

Best answer by Ivar Stangeby

Hello Peder!

Currently, we do not support the granularity you are requiring in our ACLs as we only have read/write ACLs.

Adding a `functionsAcl:CALL` should be sufficient to let you differentiate between users allowing to create/delete functions, and simply calling them. I will add this as a feature-request.

/ Ivar

I

Ivar Stangeby
Practitioner
Answer
Forum|Forum|2 years ago
March 22, 2023

Hello Peder!

Currently, we do not support the granularity you are requiring in our ACLs as we only have read/write ACLs.

Adding a `functionsAcl:CALL` should be sufficient to let you differentiate between users allowing to create/delete functions, and simply calling them. I will add this as a feature-request.

/ Ivar

P

Like

P

Peder Aursand
Author
Active
Forum|Forum|2 years ago
June 13, 2023

@Ivar Stangeby are there any updates to this feature request? It is blocking us from being able to provide call access to users who should not be able to delete our functions.

Like

Sign up

Welcome to the HUB

Scanning file for viruses.

This file cannot be downloaded