Skip to main content

Access Control Request Template

The Access Control Request Template is a standard Witboost template like the ones that are used to create Data Products and Components, but it has the purpose of customizing the access request for Witboost components through the Marketplace. The main value that this kind of templates wants to create is the fact that the Platform Team team can customize its own Access Control Request template with the pickers they need, and attach the content of the user input in the access request.

How it works

This kind of template can be imported only by the Platform Team team in the Settings section as shown in the following image:

import access control request template

tip

If the Settings section is not displayed, please refer to Platform Settings section to enable it.

Here the Platform Team team can insert the URL of an existing template in order to import it.

At most one grant and one revoke Access Control Request templates can exist in Witboost. When both are imported correctly, this info toast appears instead of the import dialog:

import access control request template 2

caution

The user cannot register an Access Control Request Template by itself from the Builder page.

Access Control Request Template YAML file

The Platform Team team can define an Access Control Request template by simply creating a YAML file. An example of a grant access template is the following:

apiVersion: witboost.com/v1
kind: AccessControlRequestTemplate
metadata:
  name: access-control-request-template
  title: Access Control Request Template
  description: Template definition for requesting access
  tags:
    - aws
    - cdp
    - data-product
spec:
  type: grant
  owner: datameshplatform
  parameters:
    - title: Access Request
      required:
        - identities
        - motivation
      properties:
        identities:
          title: Identities
          type: array
          description: Select users/groups that you are requesting access
          ui:field: IdentitiesPicker
          ui:options:
            maxIdentities: 5
            showOnlyUserMemberGroups: true
            allowedKinds:
              - user
              - group
        motivation:
          title: Motivation
          type: string
          description: Motivate your request
          ui:options:
            multiline: true
            rows: 6

  steps:
    - id: send_request
      name: Send Request
      action: access-request:send
      input:
        identities: '${{ parameters.identities }}'
        fields:
          identities: '${{ parameters.identities }}'
          motivation: '${{ parameters.motivation }}'

It has the same structure of a standard template, so any picker can be used in the parameters section. The main differences are the following:

  • the kind must be AccessControlRequestTemplate
  • the spec.type must be grant
  • the spec.steps part is mandatory, and follows the above schema. For an Access Control Request Template to work properly, the action with value access-request:send must be defined.
  • the spec.steps.input.fields object allows you to define all the fields that you want to attach to the request and that will be sent to an external service, if configured.
info

The identities field is required by witboost in order to know which are the subjects interested in this access request or revoke request.