Can the modify rights to "Name" and "Agent Host Name" of a resource be restricted?
I am trying to create a sandbox for developers and want to give them as close to full control as possible to their project, artifacts, and resources. the issue I am currently running into is on the resources. If I give them modify rights to the resource, they will have the ability to change the "Name" or "Agent Host Name" to invalid or worse other resource values (production for example).
I would like to restrict the ability on just those two values yet let them have modify to the rest of the resource. Is this possible?
Answer by mike westerhof · Feb 27, 2015 at 10:04 PM
No, ACLs cannot be attached to intrinsic properties (in fact, ACLs cannot be attached to any properties -- that would be way too much overhead to manage). You can only put ACLs on property sheets, and on objects (like the resources) themselves.
The solution is to use a factory procedure - the ACL on the resource grants permissions to the trusted project containing the procedure, and the procedure performs the modification on behalf of the user, after checking the parameters to make sure that they are not attempting to change things in ways they are not permitted to do.
Electric Cloud powers Continuous Delivery, helping organizations developing deliver better software faster by automating and accelerating build, test, and deployment processes at scale. Industry leaders like Qualcomm, SpaceX, Cisco, GE, Gap, and E*TRADE use Electric Cloud solutions to boost DevOps productivity and Agile throughput.