View User Extra

The standard 'View User' capability does not include rights to execute rules. If a
delegated admin has a user form that calls a rule, they may get an error message
like "View access denied on rule…"

This object defines a capability that includes the right to execute rules. You can
then assign this in addition to 'View User' where appropriate. This would typically
be done via an admin role that assigned 'View User', 'View User Extra', and the
user form.

View rights are also granted to user forms, which seems appropriate, though I'm
not 100% certain what it means.

<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE AdminGroup PUBLIC 'waveset.dtd' 'waveset.dtd'>
<AdminGroup name='View User Extra'
            displayName='View User Extra'
            description='Allow execution of rules by user forms.'>
  <Permissions>
    <Permission type='Rule' rights='View'/>
    <Permission type='UserForm' rights='View'/>
  </Permissions>
  <Assigners>
    <ObjectRef type='User' id='#ID#Configurator'/>
  </Assigners>
  <MemberObjectGroups>
    <ObjectRef type='ObjectGroup' id='#ID#All' name='All'/>
  </MemberObjectGroups>
</AdminGroup>
Unless otherwise stated, the content of this page is licensed under Creative Commons Attribution-ShareAlike 3.0 License