If you’ve ever seen the inside of the Admin Console for Launch Client Side or Launch Server Side, you’ve probably seen the Manage Properties right under the Company Rights tab.
Any users who belong to a group with this Permission Item can create new properties, edit the settings on existing properties, and delete properties.
However, there’s another tab where you can select from a list of all existing properties and limit the group’s access to a specific subset of properties.
The interaction between these two sets of rights creates a strange scenario: any time you have a group with the Company Rights > Manage Properties right and Properties > Auto-include: Off, those users can create new properties, but cannot see them. That’s weird.
We’re fixing this, but it requires a tweak to what the Company Rights > Manage Properties right allows you to do. Groups with Properties: Auto-include: On will not be affected. Groups with Properties: Auto-include: Off will see the effects of this change and should evaluate if they want to make modifications to their permission assignments.
At the most basic level, we are changing the Manage Properties right to implicitly include the ability to view all properties. Manage Properties will allow you to create, read, edit, and delete any property within the company. While this technically expands the capabilities of those who have this right (an addition of privilege), the change will align it with what most customers expected it to do in the first place.
Note that the change does not grant the ability to edit any resources within any property. That capability is associated with the Property Rights > Develop right, so you’ll have to have that as well if you want to change any resources within any of your properties.
This change increases the scope of the Manage Properties right. However, we still wanted to preserve the ability to meet more granular permission scenarios, so we are also adding a new right under the Property Rights tab called Edit Property.
All rights in this section apply only to the properties selected under the Properties tab. This new right allows you to edit any properties selected there.
As an example, granting this right to a group that also has Properties > Auto-include: On would allow these users to edit the settings of any existing properties, but they would not be able to Create or Delete any other properties. Only the Company Rights > Manage Properties right can do that.
Granting this right to a group that only has access to Property A, Property B, and Property C will allow these users to edit the property resource only for Property A, Property B, and Property C. It will not allow them to edit any other properties, nor will it allow them to create and delete other properties.
This new right will not be automatically added to any groups. It is simply available for assignment to any groups by anyone with proper access to the Admin Console.
It is probable that at least a few customers know exactly what the existing behavior does and have deliberately set Properties > Auto-include: Off to allow users to edit the property resource, knowing that it would also allow the creation of new properties that they couldn’t see.
This change will make it so that those users can now see the properties that they created – along with all other properties. More importantly, those users will also be able to delete any existing properties because they can see them now.
The new Property Rights > Edit Property right allows the old capability, but without any of the unintended consequences. Administrators should evaluate whether they want to change their existing permission sets before or after this change is made.
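To support that evaluation, the following added example (not Adobe code and not an Adobe API) models the rights as described above and lists, per group, the properties that become deletable once the change is live. The group records, field names, and the pre-change scope of Manage Properties (limited to the properties selected for the group) are assumptions made for illustration.

```python
# Added model of the rights described in the post; not Adobe code or an Adobe API.
MANAGE = "Manage Properties"  # Company Rights tab
EDIT = "Edit Property"        # new right on the Property Rights tab

def capabilities(group, all_props, after_change):
    """Return (action, property) pairs; ("create", "*") covers new properties."""
    selected = set(all_props) if group["auto_include"] else set(group["properties"])
    caps = {("read", p) for p in selected}
    if MANAGE in group["company_rights"]:
        caps.add(("create", "*"))
        # Assumed pre-change scope: selected properties. Post-change: all.
        scope = set(all_props) if after_change else selected
        caps |= {(a, p) for a in ("read", "edit", "delete") for p in scope}
    if after_change and EDIT in group["property_rights"]:
        caps |= {("edit", p) for p in selected}  # never create or delete
    return caps

def newly_deletable(group, all_props):
    """Properties the group can delete only once the change is live."""
    before = capabilities(group, all_props, after_change=False)
    after = capabilities(group, all_props, after_change=True)
    return sorted(p for action, p in after - before if action == "delete")

def audit(groups, all_props):
    """Map each affected group name to the properties it gains delete on."""
    report = {g["name"]: newly_deletable(g, all_props) for g in groups}
    return {name: props for name, props in report.items() if props}

# Constructed sample data (hypothetical group and property names).
ALL_PROPS = ["Property A", "Property B", "Property C", "Property D", "Property E"]
SELECTED = ["Property A", "Property B", "Property C"]
GROUPS = [
    {"name": "global-admins", "company_rights": [MANAGE], "property_rights": [],
     "auto_include": True, "properties": []},
    {"name": "regional-admins", "company_rights": [MANAGE], "property_rights": [],
     "auto_include": False, "properties": SELECTED},
    # Remediated variant: Manage Properties swapped for Edit Property.
    {"name": "regional-editors", "company_rights": [], "property_rights": [EDIT],
     "auto_include": False, "properties": SELECTED},
]

if __name__ == "__main__":
    for name, props in audit(GROUPS, ALL_PROPS).items():
        print(f"{name}: gains delete on {', '.join(props)}")
```

Only the group with Manage Properties and Auto-include: Off is reported; the group holding Edit Property instead keeps edit access to its selected properties without gaining create or delete.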
We are making this change to align the behavior of Platform Launch with our users’ expectations, but also realize that it may require adjustments for some of our customers. We have scheduled this release for July 19. I apologize for the inconvenience, but believe the change has a net positive impact for our customers and users.