Permissions

Introduction

This overview describes the concepts of permissions and how they are granted to organizations and assets.

After you’ve read this overview, you will understand:

  • The differences between read, write, and execute permissions
  • The reasons why you can have read/write permissions, and why you cannot call a botlet or service in your code
  • The differences between organization permissions and developer permissions
  • How to grant and revoke permissions
  • How to promote a developer to an administrator (admin) role
  • How to change and delete a developer’s permissions

Types of Permissions

Permissions are what is used to control access to organizations and their assets. The different types of permissions are defined below.

Read / Write

Read / Write permissions are granted to organizations and individual developers.

These permissions explicitly describe people who can view and/or modify the asset which has permissions on it. If a person has read only permissions, they can see the asset in the Store, but they cannot modify its code.

Execute

Execute permissions allow for a botlet to call another botlet or service. Execute permissions give organization control over what specific botlets or service can call one another.

Execute permissions can also be granted to an individual botlet, service, or the whole organization (i.e., all botlets and services under this organization). People, entities, and renderers (i.e., assets) are not granted execute permissions.

For example:

If Botlet A has an execute permission list containing Botlet B, this means that Botlet A can be called only by Botlet B. All other calls will result in an error. By default, each botlet has all assets of its parent organization in the execute list.

Organization Permissions

When you add a new permission on an asset level to an organization, this means that any asset or person under the organization has permissions to this asset. You can then individually manage permissions on any child item of that organization. The members of an organization have read/write permissions to all the assets in the organization.

Under an organization, you have the following members:

  • Admin
  • Developers

Admin Permissions

If you create an organization in the Workspace, you are the admin of the organization. You can also designate multiple admins to an organization.

Admins to organizations have the permissions to:

  • Delete an organization
  • Add and delete developers
  • Promote a developer to the admin role
  • Reverse an admin to a developer role

Developer Permissions

Developers can only have read/write permissions because execute permissions are only for botlets and services. People, entities, and renderers (i.e., assets) do not execute code. Developers have complete write access to all of the assets under the organization.

Viewing Granted Permissions

The steps that follow describe how to view granted permissions to members of an organization.

To view granted permissions to members of an organization, refer to the steps below:

  1. In the Items Tree, select an organization (e.g., my_first_organization).
alternate text
  1. In the Control Panel, click the Granted Permissions menu tab.
alternate text

The Granted Permissions page shows you the details as to who is the admin of the organization and who are the developers that belong under it.

Note: If there are no developers listed in the Granted Permissions page, it means that no developers were added as members to the organization.

Deleting Developers Granted Permissions

The steps that follow describe how to delete granted permissions to a developer of an organization.

To delete granted permissions to a developer of an organization, refer to the steps below:

  1. In the Items Tree, select an Organization.
  2. In the Control Panel, click Granted Permissions.
alternate text
  1. Click Delete.
alternate text
  1. Click Save.
alternate text

Note: You cannot delete a single admin from an organization since all organizations require at least one admin.

Promoting a Developer to the Admin Role

The steps that follow describe how to promote a developer to the admin role.

To promote a developer to the admin role, refer to the steps below:

  1. In the Items Tree, select an Organization.
  2. In the Control Panel, click Granted Permissions.
alternate text
  1. Click Promote to admin.
alternate text
  1. Click Change to developer of the former admin (e.g., John B).
alternate text
  1. As shown in the previous image, click Change to developer once again of the former admin (e.g., John B), and then click Save.
alternate text

Note: The above screenshot shows that the former admin (i.e., John A) is now granted to the developer role. You can also repeat the above steps to demote an admin to a developer role.

Granting Asset Permissions

The steps below are high-level details of how you can grant permissions to an asset for developers or an organization.

Developer

To grant a developer permissions to an asset, refer to the following steps:

  1. Select an organization in the Items Tree.
  2. Select or create an asset (e.g., botlet) in the organization.
  3. In the Control Panel, click the Permissions menu tab.
  4. To grant permissions to a developer, click Developers.
  5. Next, click + Add a developer.
  6. Enter the e-mail address of the developer, and click Add.
  7. Grant permissions by selecting Read or Write.
  8. Click Save.

Note: The features and functionality to search for people is coming to the Workspace in the near term.

Additional Information: The designated admin to the organization is granted Write permissions by default. To grant the admin read only permissions, uncheck write permissions, and the read permission will automatically be checked on.

Organization

To grant an organization permissions to an asset, refer to the following steps:

  1. Select an organization in the Items Tree.
  2. Select or create an asset (e.g., botlet) in the organization.
  3. In the Control Panel, click the Permissions menu tab.
  4. To grant permissions to an Organization, click Organizations.
  5. Next, click + Grant permissions to an organization.
  6. Enter the name of the organization, and click Add.
  7. To grant read only permissions, click Read.
  8. To grant write only permissions, click Write.
  9. For read and write permissions, click Read and click Write.
  10. For execute only permissions, click Execute.
  11. For write and execute permissions, click Write and Execute.
  12. Click Save.

Note: If you select write permissions, read permissions is automatically granted, but the check box for selecting it is greyed out.

Deleting Asset Permissions

The steps below are high-level details of how you can delete permissions to an asset for developers and to an organization.

Developer

To delete developer permissions to an asset, refer to the steps below:

  1. Select an organization in the Items Tree.
  2. Select the asset (e.g., botlet) in the organization.
  3. In the Control Panel, click the Permissions menu tab.
  4. In the list of developers, click Delete (i.e., trash can).
  5. Click Save.

Organization

To delete an organization’s permissions to an asset, refer to the steps below:

  1. Select an organization in the Items Tree.
  2. Select the asset (e.g., botlet) in the organization.
  3. In the Control Panel, click the Permissions menu tab.
  4. In the list of organizations, click Delete (i.e., trash can).
  5. Click Save.

Note: As of now, there is no user interface functionality to request permissions. This will be coming soon to Workspace.

Contacting Support

If you encounter a technical issue and you require assistance, please send an e-mail message to:

kstore@microsoft.com