Skip to main content

Who can manage access

Users with the share permission to a resource can grant others access to that resource. This includes users with both share permission to an individual resource, as well as users with an organization role granting them share permission to all resources. For example, a user with the Admin role on the Customer 360 application is able to manage others’ access to that application. Similarly, a user with the integrations:share permission granted to them through an organization role can manage access to all Integrations.

Granting users access to resources

Resources in Superblocks (Apps, Integrations) can be shared with specific users or groups. When you share the resource, you can select the resource role to grant to the user or group. This role dictates the permissions the user has over the resources. To grant access to an individual resource:
  1. Navigate to the resource (Application, Integration) you want to grant access to
  2. Click into the editor or configuration page for that resource
  3. Find and click on the Share button in the upper right-hand corner of the page
  4. In the dialog box that appears, search for the individual or group you want to share the resource with
  5. Select the Resource role you want to assign
  6. Click Share
Grant group access to an Application

Granting specific apps access to integrations

In addition to users and groups, integrations can be shared with specific apps. When an integration is restricted to one or more apps, users can only build with this integration from within the specific apps. An integration can be shared across all applications, or restricted to specific applications.
  • All apps: The integration is available across the organization to users who have access to it. This is the default for new and existing integrations.
  • Specific apps: The integration is only available to the apps you select.
To control which apps can use an integration:
  1. Navigate to the Integrations page and select the integration
  2. Click the Share button
  3. In the App availability section, select Specific apps and choose the apps to grant access, or select All apps to make it available across the organization
  4. Click Share to save your changes

How app and user-level integration access combine when building

App availability and a builder’s own integration permission are checked independently.
  • App availability determines which integrations are available within an app.
  • A builder’s integration permission determines which of those integrations he or she can build with.
Within a given app, a user can only build with an integration when both of the following are true:
  • The integration is available to that app (either All apps or that specific app)
  • The builder has the integration’s build permission, granted directly or through a group.
This means:
  • Sharing an integration with an app does not give that app’s builders permission to build with that integration
  • A builder’s integration permission does not let them use the integration in an app the integration has not been shared with
If an integration is already in use within an app and that app’s access is removed, existing APIs using this integration will continue to execute. However, builders will not be able to build new APIs with that integration.

Integration access in published apps (for end-users)

A user does not need access to a specific integration in order to use the integration as an end-user of an application. This is intentional; the resource permissions for integrations only restrict who can build with the integration (and in which apps). Once the app is published, users can access any features in the app that are shared with them according to their App-level RBAC.

Auditing access changes

All changes to resource permissions, including granting or revoking user, group, and app access, are recorded in Audit logs. Use audit logs to review who changed access to a resource and when. To view changes to integration access, filter by Resource: Integration.

Granting access to all resources

Resource roles give a user access to specific resources. Organization roles differ from resource roles in that they can grant access to all current and future resources of a type. To learn more, see About organization roles

Change the level of access granted

Once a user or group has access to a resource, you can change the level of access they’ve been granted. To change the access level:
  1. Navigate to the resource (Application, Workflow, Integration, etc) you want to grant access to
  2. Click into the editor or configuration page for that resource
  3. Find and click on the Share button in the upper right-hand corner of the page
  4. Find the user or group you want to update
  5. Select the role dropdown and select the new role you want to set

Removing access to a resource

To remove an individual or group’s access to a resource:
  1. Navigate to the resource (Application, Workflow, Integration, etc) you want to grant access to
  2. Click into the editor or configuration page for that resource
  3. Find and click on the Share button in the upper right-hand corner of the page
  4. Find the user or group you want to remove access from
  5. Select the role dropdown and select Remove
  6. In the confirmation dialog, click Confirm
Remove access to individual resource