feat: General Resource Access #1894
Conversation
|
Preview for this PR was built for commit |
|
Preview for this PR was built for commit |
|
Preview for this PR was built for commit |
|
Preview for this PR was built for commit |
|
Preview for this PR was built for commit |
|
Preview for this PR was built for commit |
|
Preview for this PR was built for commit |
|
Preview for this PR was built for commit |
|
Preview for this PR was built for commit |
|
Preview for this PR was built for commit |
|
Preview for this PR was built for commit |
|
Going over the preview myself:
|
|
Preview for this PR was built for commit |
|
Preview for this PR was built for commit |
Co-authored-by: Michał Olender <92638966+TC-MO@users.noreply.github.com>
|
Preview for this PR was built for commit |
|
Preview for this PR was built for commit |
|
Preview for this PR was built for commit |
|
Preview for this PR was built for commit |
|
Preview for this PR was built for commit |
|
Preview for this PR was built for commit |
|
|
||
| Thanks to the hard-to-guess, unique IDs, it’s also secure enough for most use cases. However, it doesn't offer features like access revocation and in some cases, you may want to have more direct control over data access and require users to have explicit permissions to your resources. | ||
|
|
||
| _General resource access_ is an account setting that defines the default access policy at the account level. You can find general resource access in Apify Console under **Settings → Security & Privacy**. The two following options are supported: |
There was a problem hiding this comment.
Sorry this should have been bold, my bad
|
|
||
| ## How restricted access works | ||
|
|
||
| If your **General Resource Access** is set to **Anyone with ID can read**, you can just send this link to anybody, and they will be able to download the data even if they don’t have an Apify account. However, once you change the setting to **Restricted**, this API call will require a valid token with access in order to work. In other words, you’ll have to explicitly share the dataset and you can only do that with people who have an Apify account. |
There was a problem hiding this comment.
If the feature is not title cased in UI, we should not title case it in docs either
| If your **General Resource Access** is set to **Anyone with ID can read**, you can just send this link to anybody, and they will be able to download the data even if they don’t have an Apify account. However, once you change the setting to **Restricted**, this API call will require a valid token with access in order to work. In other words, you’ll have to explicitly share the dataset and you can only do that with people who have an Apify account. | |
| If your **General resource access** is set to **Anyone with ID can read**, you can just send this link to anybody, and they will be able to download the data even if they don’t have an Apify account. However, once you change the setting to **Restricted**, this API call will require a valid token with access in order to work. In other words, you’ll have to explicitly share the dataset and you can only do that with people who have an Apify account. |
There was a problem hiding this comment.
Good catch, if it's fine with you, I think actually title casing the references in text seems nicer. Changed in 6934a33
There was a problem hiding this comment.
But it's not title cased in the UI, why would it be then title cased in documentation?
There was a problem hiding this comment.
🤦🏻 makes sense, amended in f774ce3
| Even if your access is set to **Restricted** there are a few built-in exceptions that make collaboration and platform features work seamlessly. These are explained in the sections below. | ||
|
|
||
|
|
||
| ### Builds of public Actors |
There was a problem hiding this comment.
can you make all those headings h4? I think this will make them disappear from the right side ToC, and if markdownlint will be screaming then I'll fix the issues
There was a problem hiding this comment.
Fixed in 6934a33 (made the parent ### Exceptions a h3 and the children h4)
|
|
||
| ### Builds of public Actors | ||
|
|
||
| Builds of **public Actors** are always accessible to anyone who can view the Actor — regardless of the Actor owner’s account **General Resource Access** setting. |
There was a problem hiding this comment.
Any reason why we are bolding public Actors? also:
| Builds of **public Actors** are always accessible to anyone who can view the Actor — regardless of the Actor owner’s account **General Resource Access** setting. | |
| Builds of **public Actors** are always accessible to anyone who can view the Actor — regardless of the Actor owner’s account **General resource access** setting. |
|
|
||
| Builds of **public Actors** are always accessible to anyone who can view the Actor — regardless of the Actor owner’s account **General Resource Access** setting. | ||
|
|
||
| This ensures that public Actors in the Apify Store continue to work as expected. For example, if you open a public Actor in the Console, you’ll also be able to view its build details, download logs, or inspect the source package — without needing extra permissions or a token. |
There was a problem hiding this comment.
| This ensures that public Actors in the Apify Store continue to work as expected. For example, if you open a public Actor in the Console, you’ll also be able to view its build details, download logs, or inspect the source package — without needing extra permissions or a token. | |
| This ensures that public Actors in the Apify Store continue to work as expected. For example, if you open a public Actor in Console, you’ll also be able to view its build details, download logs, or inspect the source package — without needing extra permissions or a token. |
| - Are scoped to a single resource (prevents access to other records) | ||
| - Are ideal for sharing screenshots, reports, or any other one-off files | ||
|
|
||
| To generate a pre-signed link, you can use the **Export** button in the Console, or call the appropriate API client method. |
There was a problem hiding this comment.
| To generate a pre-signed link, you can use the **Export** button in the Console, or call the appropriate API client method. | |
| To generate a pre-signed link, you can use the **Export** button in Console, or call the appropriate API client method. |
|
|
||
| :::info Console links for resources | ||
|
|
||
| Resource objects returned by the API and clients (like `apify-client-js`) include a `consoleUrl` property. This provides a stable link to the resource's page in the Apify Console. Unlike a direct API link, the Console link will prompt unauthenticated users to sign in, ensuring they have required permissions to view the resource. |
There was a problem hiding this comment.
| Resource objects returned by the API and clients (like `apify-client-js`) include a `consoleUrl` property. This provides a stable link to the resource's page in the Apify Console. Unlike a direct API link, the Console link will prompt unauthenticated users to sign in, ensuring they have required permissions to view the resource. | |
| Resource objects returned by the API and clients (like `apify-client-js`) include a `consoleUrl` property. This provides a stable link to the resource's page in the Apify Console. Unlike a direct API link, Console link will prompt unauthenticated users to sign in, ensuring they have required permissions to view the resource. |
|
Preview for this PR was built for commit |
|
Preview for this PR was built for commit |
Co-authored-by: Michał Olender <92638966+TC-MO@users.noreply.github.com>
|
Preview for this PR was built for commit |
|
Preview for this PR was built for commit |
This PR adds documentation for General Resource Access, new account and resource level setting that enables to fine tune resource access when using resource ids or links.