ym1198
ym119817mo ago

Author role user have access to variables/secrets too of that folder

I am giving a user XYZ access as operator on workspace-level and author of a particular folder. The person is not a developer but a sales team member so he should only be executing the script/flow in that folder. Currently, the person XYZ can read the script also of that folder (can see the code). I am fine with this. But the person XYZ can also read the secrets/variables of that folder. The person XYZ cannot directly see the secrets Variables tab in left-sidebar but if the person goes to url of variables tab, XYZ can see the variables there. How can i just XYZ access to execute script (fine with read too, for now) but not permission to read the variables.
6 Replies
rubenf
rubenf17mo ago
I have on the backlog to disable operators to decrypt variable So it will be solved very soon in the frontend and somewhat soon in the api
Sindre
Sindre17mo ago
I also have sales on windmill. Do sales actually run scripts? My solution is to have a folder with all apps they should have access to. Not sure if that would be a solution to you? Then they have not access to scripts or secrets but can run them trough the apps.
rubenf
rubenf17mo ago
Doing everything as app is one way but the proper way is to give read access to secrets and have those secrets not loadable in frontend by operator Which we need to implement We will also do a button to easily convert a script or flow as an app
Sindre
Sindre17mo ago
Proper way kind of depends on context. I found this "workaround" to be much better. Sales do not want to understand stuff, just get things done. Creating the simplest possibly app is the best way based on my context.
rubenf
rubenf17mo ago
Fair enough Let me rephrase, those are 2 alternatives solutions
ym1198
ym1198OP17mo ago
this will be very helpful this is good but now i have to learn how to make apps this will be very fantastic