Exception
You can use the Exception feature to allow or deny a user-action on one or a maximum of two permissions. The permission specifies an action (for example, Download APK or Sync/Export) that a user can perform on the resource. You can apply an exception at the following levels:
User Level:- When you apply an exception at the user-level, the exception is applied to permissions under assigned role for all resources.
Resource Level:- When you apply an exception at the resource level, the exception is applied to permissions available for a specific resource.
You can apply an exception as follows:
To apply an exception:
- On the Teams page, see the list of added members.
- In the list, under Name, find the member’s name to apply an exception.
- After you find the member’s name, click it, and an Info panel expands.
- In the Info panel, click View details, and the <<user name>> page opens.
- On the <<user name>> page, click the Exceptions tab, and a blank panel opens.
- In the blank right panel, click Add Exception, and the Add Exceptions dialog box opens.
- In the Add Exceptions dialog box, under Permission, see the permission to deny or allow the user’s action on it.
Note:- You can apply an exception to a maximum of two permissions.
- After you find a permission (for example, Delete Workspace User), move the mouse pointer to the right, and then click the related list to select one of the followings:
- Allowed:- When you select this value, the user can perform the permission-related function.
- Denied:- When you select this value, the user cannot perform the permission-related function.
- After you change the status of permissions, click Add in the Add Exception dialog box to add the exception.
After you add the exception, the <<user name>> page displays the list of permissions with changed statuses. The list of permissions with changed statuses specifies that you have applied an exception to these permissions.
Vahana Platform’s Deny First Approach
This post is incomplete without discussing this section. Vahana platform’s Deny First Approach is not mere an approach, it is a planned behavior. You can understand this behavior with the following illustrations:
As discussed earlier in this post, you can apply an exception at two levels: the user level and the resource level. Let us understand the Vahana platform’s behavior to manage and apply permissions at these two levels as follows:
Case1:- (You apply an exception at the resource level)
Discussing the exception at the resource level first has a reason. Assume you have assigned the App Developer role to a user X. When you assign the App Developer role to X, you also grant him access to resource A. While assigning access to resource A, you grant ten permissions to the user X. It means that the user can perform ten different permissions-related functions on the resource A.
Now assume you want to apply an exception at the resource level. When you apply the exception at the resource level, you deny two permissions to the user X. After you apply the exception, the Vahana platform, following its deny-first approach, will allow the user X to perform only eight permissions-related functions on the resource A. The user will not be able to perform functions related to permissions to which you have applied the exception.
Case2:- (You apply an exception at the user level)
The last section described how the Vahana platform’s deny-first behavior works when you apply an exception at the resource level. In this section, you can draw an inference when you apply an exception at the user level. Assume you have assigned the App Developer role to a user X. When you assign the App Developer role to X, you also grant him access to three different resources: A, B, and C. While granting access to these resources, you grant the user X a set of twenty permissions on each of these resources. It means that the user X can perform twenty different permissions-related functions on these resources.
Now assume you want to apply an exception at the user level. When you add an exception, you deny two permissions (for example, Create Business Rule and Delete Business Rule) to the user X on the resource C. If these two permissions are also available and allow the user to perform functions (Create Business Rule and Delete Business Rule) in resources A and B, the Vahana platform, following its deny-first approach, will also not allow the user to perform these functions (Add Workspace and Delete Workspace) in resources A and B.
In other words, after you apply the exception, the Vahana platform, following its deny-first approach, will not allow the user to perform these functions (Create Business Rule and Delete Business Rule) in resources A and B, despite these functions being allowed for resources A and B.