Best Practices for Managing Permissions and Access in Appfarm Services

Hello everyone,

I’ve been encountering some challenges with setting up the right permissions and access levels while integrating third-party services using the new Dev Tools for Services in Appfarm. I’m able to troubleshoot and get the logic of my services up and running smoothly within the development environment. However, the real trouble begins when I attempt to utilize services provided by third parties.

It seems like there might be an issue related to the access rights of the service users, but with numerous dependencies and a somewhat cluttered overview, it’s quite difficult to pinpoint the exact problem. I am reaching out to see if anyone here has faced similar issues and how you managed to resolve them.

What are the best practices for ensuring that a service has the appropriate permissions? Are there specific tools or methods within Appfarm or Nice Dev Tools that you find effective for managing and verifying access rights and roles? Any insights or recommendations would be greatly appreciated as I navigate through these complexities.

Thank you in advance for your help!

Hi!

In general, the best practice for setting up the correct permissions for Services in Appfarm is the “principle of least privilege” and to use a separate role for the Service Account.

  • I would recommend a dedicated role for each Service Account representing external access (e.g. one role for each vendor with external access to Appfarm Services, at least if they require access to different data), and another one for Service Accounts used by internal Service Schedules.
  • Make sure that Role has permission only to the relevant Services and Object Classes in the Permission section in Appfarm Create.
  • Make sure to test the Service with a user that has the given Role. E.g., you may create a test user, and assign only the given role to that user. If you want to test the Devtools for Services with that Role, you need to temporarily give that role access to Devtools for Services in Permissions → Advanced → Devtools for Services.

Regarding testing services (using Service DevTools) with the correct role: we have a challenge registered on the ability to simulate a given role when testing services.