Role-Based Element Listing

The Role Based Element Listing feature provides the ability for users to control listing elements at organizational level; that is, the ability to control what elements at organization level can be viewed by all the accounts and users under an organization.

To list elements of your preference, you need to enable the Manage Element Org Lists privilege. You require this privilege to add, update and delete elements for listing elements as per your requirements. 

  • On Cloud Elements UI, click the Security option on the navigational panel to your left.
  • Switch to the Roles tab on the console that opens.
  • Ensure that the Manage Element Org Lists privilege is enabled.

This privilege is enabled for Organization Administrators by default. Organization administrators can use the listing APIs without having to explicitly enable this privilege as mentioned above. 

This feature makes use of the following APIs:

  1. Get Element Safelists - GET/url/organisations/{organisationId}/elements-safelist - Gets the list of safelisted elements for the provided organization id.
  2. Update Element Safelists - PUT/url/organisations/{organisationId}/elements-safelist - Adds elements to be safelisted for the provided organization id.
  3. Patch Element Safelists - PATCH/url/organisations/{organisationId}/elements-safelist - Adds elements to elements saflisted in an organization.
  4. Delete Element Safelists - DELETE/url/organisations/{organisationId}/elements-safelist - Deletes elements from the list of safelisted elements in an organization.
  5. Delete Element Safelists by Element Id - DELETE/url/organisations/{organisationId}/elements-safelist/{ element Id} - Deletes the element corresponding to the element Id, from the list of safelisted elements in an organization.

Points to note:

  • Cloud Elements also has a feature to add elements to a Denylist at the super-organization level. This feature is implemented only for whitelabel partners, using which they can make sure an element is not visible to any of the organizations under the super-organization.
  • If a whitelabel super-organization which contains multiple organizations has added an element to it denylist at the super-organization level, that element cannot be safelisted for any of its organizations. Both the safelist and denylist are mutually exclusive to each other for a given organization. An error message appears when you try adding an element to a denylist when it is already added to a safelist and vice versa.
  • When elements are added to safelist by an organization, all the accounts and users under the organization will only be able to see the safelisted elements. Any user who has private elements in an organization, will not see them.
  • This privilege is enabled by default for an organization administrator and can be enabled for other roles by enabling the configure_roles privilege. Hence this feature is not tied to any particular role and is at the discretion of the organization administrator.
  • To remove elements from the safelist of an organization, you will need to use the DELETE API and delete the elements from the safelist. The privilege does not directly impact the behaviour of this functionality, so enabling or disabling the privilege would not change what is on the list.