CorasWorks Global Variables permissions explained

Working within a highly secure environment recently, I had a need to detail out the effective permissions necessary to leverage the CorasWorks Global Variables (GVs) – specifically, the client wanted to understand the absolute minimum permissions needed to leverage the GVs and so I thought it worthwhile to share here.

First, know that when CorasWorks Central Configuration is first enabled on a web application, a custom list entitled “CWActionsGlobalSettings” is created within the selected Central Config site. This list will effectively store the variables in an XML blob, inside a single List Item, that is managed by the GUI that is the Global Variable Manager.

Next – and this is key – the user who creates the first GV must have at least Owner rights on the “CWActionsGlobalSettings” List. This is because upon creation of the first GV, a multi-line text column entitled “CWActionsGlobalSettings” (yes, same name as the List itself) is created within the List and the XML blob is first created, with the first GV present.

Now going forward, only Contribute rights are needed for those that you want to be able to manage GVs, as Contribute provides them insert & edit rights to that special List Item. However, because Contribute rights does not allow a user to add columns to a list, a user with those rights will not be able to create that first GV.

And finally, as is hopefully fairly obvious, any users who you want to be able to read GV values (i.e. if a GV is used in a solution they’re using), end users must have Read rights to the ”CWActionsGlobalSettings” List. The inverse is also true; if a user does not have Read rights to that list, they will not be able to see the GVs, what their value is or use any part of a solution that leverages a GV.

Comments are closed.