You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
To use custom roles in login policies, copy the role ID from **Organization Settings** → **Access Control Center** → **Roles** → select role → copy ID.
115
115
116
116
!!! warning
117
-
- Please note that Login policies are only allowed to be created in the `root` space, therefore only `root` space admins
118
-
and administrative stacks, as well as `legacy` space administrative stacks can create or modify them.
119
-
- A logged-in user's access levels only get updated when they log out and in again, so newly added spaces might not be
120
-
visible to some users. An exception is that the space's creator immediately gets access to it.
117
+
- Please note that Login policies are only allowed to be created in the `root` space, therefore only `root` space admins and administrative stacks, as well as `legacy` space administrative stacks can create or modify them.
118
+
- A logged-in user's access levels only get updated when they log out and in again, so newly added spaces might not be visible to some users. An exception is that the space's creator immediately gets access to it.
121
119
122
120
## Inheritance
123
121
@@ -141,8 +139,10 @@ Let's analyze the tree starting from the left.
141
139
142
140
As mentioned, the user was granted **Write** access to the `write access space` space.
143
141
Because inheritance is enabled, they also received **Read** access to the `access propagates up` space and the `root` space. The reason for that is to allow users to see resources that their space can now use.
142
+
144
143
Next, the user was given **Admin** access to the `admin access space` space. Regardless of the inheritance being off, they also received **Admin** access to the `access propagates down` space.
145
144
This makes sense, as we want to allow admins to still manage their spaces subtree even if they want to disable resource sharing between some spaces.
145
+
146
146
Finally, the user was given **Read** access to the `read access space` space. Because inheritance is off, they did not receive **Read** access to the `legacy` space.
0 commit comments