Skip to main content

Access record statements accept users and groups

Starting today, the statements in an access record, can now additionally specify both users and groups.

User based access records

Historically, users and groups were only available as properties of the access record, which meant all statements applied to all users and all groups. This made it easy to support having one group of users with many statements. Additionally, access records could be directly associated with a user so that it was clear that changes to an access meant changes for that particular user.

To change a user's permissions, it was as simple as looking up the access record with the same ID as the user:

const record = await authressClient.records.getRecord(userId);

And then making necessary changes to that record.

Resource based access records

However, when multiple users each needed different access to the same resource, multiple access records would need to be configured. One for each set of permissions. This was because all statements in the access record applied to all users in the record. To have different permissions, separate records would be created, each with the separate set of users.

Now, access records can directly specify which statements should be applied to which users.

Instead of listing the users at the record level:

Access record users

Toggle the Enable statement level user assignment switch:

Enable statement level user assignment switch

And then enter the users in the statement section of the record. Each statement can have separate users:

Access record statement user selection