Is it possible to allow read-only access to certain Rulesets based on Access Groups?
We want to restrict certain operators (via Access Groups) from creating/modifying any rules in certain Rulesets listed in the Application.
Let's say we have the following setup:
MyApp:01.01.01 has Application rulesets: RuleSet1, RuleSet2, RuleSet3
Access Groups: AG1 & AG2 both have Application: App123:01.01.01
AG1 should have full read-write access to RuleSet1 & RuleSet3 but only read-only access to RuleSet2
AG2 should have full read-write access to RuleSet2 & RuleSet3 but only read-only access to RuleSet1
We have considered the following options but none of them quite work for us:
1. Lock the rulesets: this is a new application under active development and all rulesets are in constant use, so this is not really feasible
2. Create 2 Application rules:
- MyApp1 has RuleSet1 & RuleSet3 and have AG1 point to this App
- MyApp2 has RuleSet2 & RuleSet3 and have AG2 point to this App
But this would mean that AG1 can't (read) access RuleSet2 and AG2 can't (read) access RuleSet1
3. Use Work class/flow (RuleSet => Security => Rule management) and have an approval process in place: this seems like overkill and an additional resource/time overhead. Moreover, this still doesn't prevent an operator from creating the rule to begin with.
In the when condition, you can check whether .pyRuleSet is in your list of restricted rulesets. The when condition can be referenced in your access role for Rule- instances or you could restrict by specific Rule class types if desired.