Setting user permissions
To secure and restrict access to Guidewire objects, PolicyCenter assigns various roles to each individual user. Each role is a collection of one or more permissions. Each permission controls what a user is able to see or do in a certain area of the application. Guidewire calls permissions that apply to specific user interface elements or data model entities system permissions.
In general, you set system permissions through the use of the
x-gw-permissions attribute in the API Swagger schema. For example, to
give the ability for a user to create an activity, add something similar to the following to
the API schema file:x-gw-permissions:
- actcreateGuidewire recommendations
Guidewire recommends the following:
- If the system permission does not depend on an actual entity object, place the system permission in the API Swagger schema.
- If the permission applies to a specific entity object, place the logic for that permission in the appropriate API handler method.