Reference: JSON Schema for Access Control Statements
Overview
Activity access control statements for Uptempo Plan are built on a JSON-based schema, so the underlying structure of these statements is defined in JSON.
While you can configure most access control statements using the Statement Editor GUI, you also have the option of writing JSON directly in the Raw JSON editor. Using the Raw JSON editor offers more control, and is a requirement for using certain features such as activity attribute conditions (which are currently not supported by the Statement Editor).
This reference guide details the JSON schema for activity access controls. It describes the required structure and fields, and the accepted values and data types, for creating valid access control statements for Uptempo Plan.
Basic Syntax Rules
When writing an activity access control statement in JSON, use standard JSON syntax:
-
Begin and end statements and objects with curly braces {...}
-
Begin and end arrays (e.g. conditions) with square brackets [...]
-
For key-value pairs, use the format "key": "value" :
-
Separate the key and value with colon :
-
Keys must be strings in double quotes "key"
-
If the value is a string, it must be in double quotes "value"
-
-
Separate individual key-value pairs and items in arrays with a comma ,
-
Do not place a trailing comma after the last item
-
-
Do not include comments
Structure
Access control statements use the following basic structure:
{
"effect": "string",
"action": "ActivityAction | ActivityTypeAction",
"resourceType": "string",
"resourceLocator": "ActivityResource | ActivityTypeResource",
"conditions": [
{
"field": {
"name": "string"
},
"operator": "string",
"value": ["string", "string"]
},
{
"field": {
"attributeDefinitionId": "string"
},
"operator": "string",
"value": ["string", "string"]
}
]
}Example
{
"effect": "ALLOW",
"action": "View",
"resourceType": "ACTIVITY",
"resourceLocator": "*",
"conditions": [
{
"field": {
"name": "ACTIVITY_TYPE"
},
"operator": "IS ONE OF",
"value": ["21", "74", "41"]
}
]
}Top-Level Properties
Overview
The top-level properties in an access control statement are:
| Property Name | Type | Required | Description |
|---|---|---|---|
| effect | String (enum) | Yes | Specifies whether the action is allowed or denied. |
| action | ActivityAction | ActivityTypeAction | Yes | Specifies which action against the resource is defined by the statement. |
| resourceType | String (enum) | Yes | Specifies the type of resource controlled by the statement. |
| resourceLocator | ActivityResource | ActivityTypeResource | Yes | Uniquely identifies the resource to which the policy applies. |
| conditions | Array of objects | No | Specifies additional conditions that must be met for the statement to apply. |
Property: effect
| Description | Specifies whether the action is allowed or denied. Currently, the only valid action is ALLOW. |
| Type | String (enum) |
| Required | Yes |
| Values |
|
Example (fragment)
{
...
"effect": "ALLOW",
...
}Property: action
| Description | Specifies which action against the resource is defined by the statement. The structure depends on the value of the resourceType property. |
| Type |
One of:
|
| Required | Yes |
Type: ActivityAction
| Description | Actions that can be specified when the value of resourceType is ACTIVITY. |
| Type | String (enum) |
| Values |
|
Example (fragment):
{
...
"action": "View",
"resourceType": "ACTIVITY",
...
}Type: ActivityTypeAction
| Description | Actions that can be specified when the value of resourceType is ACTIVITY_TYPE. |
| Type | String (enum) |
| Values |
|
Example (fragment):
{
...
"action": "CreateActivity",
"resourceType": "ACTIVITY_TYPE",
...
}Property: resourceType
| Description | Specifies the type of resource controlled by the statement. |
| Type | String (enum) |
| Required | Yes |
| Values |
|
Example (fragment):
{
...
"resourceType": "ACTIVITY_TYPE",
...
}Property: resourceLocator
| Description | Uniquely identifies the resource to which the policy applies. The structure depends on the value of the resourceType property. |
| Type |
One of:
|
| Required | Yes |
Type: ActivityResource
| Description | Specifies the activity when the value of resourceType is ACTIVITY. |
| Type | String (enum) |
| Values |
|
Example (fragment):
{
...
"resourceType": "ACTIVITY",
"resourceLocator": "*",
...
}Type: ActivityTypeResource
| Description | Specifies the activity type when the value of resourceType is ACTIVITY_TYPE. |
| Type | String (enum) |
| Values |
|
Example (fragment):
{
...
"resourceType": "ACTIVITY_TYPE",
"resourceLocator": "*/12"
...
}Note
For instructions on how to find activity IDs, activity type IDs, and activity type group IDs in Uptempo Plan, see Finding ID Codes.
Property: conditions
| Description | Specifies one or more additional conditions that must be met for the statement to apply. |
| Type |
Array of objects |
| Required | No |
| Properties |
|
Example (fragment):
{
...
"conditions": [
{
"field": {
"name": "string"
},
"operator": "string",
"value": ["string", "string"]
},
{
"field": {
"attributeDefinitionId": "string"
},
"operator": "string",
"value": ["string", "string"]
}
]
}Nested Properties: conditions Object
Each object in the conditions array describes a separate condition that must be met for the statement to apply, and consists of the following properties:
| Property Name | Type | Required | Description |
|---|---|---|---|
| field | Object | Yes | Specifies what the condition is based on. Conditions can be based on the selected option(s) of an attribute, or on activity type(s) or activity type group(s). |
| field.name | String (enum) | No | Specifies that the condition is based on matching activity type(s) or activity type group(s) provided in the value array. |
| field.attributeDefinitionId | String | No | Specifies that the condition is based on matching the selected option(s) of an attribute. Provides the ID of the attribute definition to compare against the value array. |
| operator | String (enum) | Yes | Specifies the logical operator used to evaluate the ID value(s) in the value array against the condition basis defined by the field object. |
| value | Array of strings | Yes | Provides one or more IDs or attribute options to compare against the condition basis defined by the field object. |
Property: field
| Description | Specifies what the condition is based on. Conditions can be based on the selected option(s) of an attribute, or on activity type(s) or activity type group(s). |
| Type |
Object |
| Required | Yes |
| Properties |
Must include one of:
|
Nested Property: name
| Description | Specifies that the condition is based on matching either activity type(s) or activity type group(s) provided in the value array. |
| Type | String (enum) |
| Required | No |
| Values |
|
Example (fragment):
{
"field": {
"name": "ACTIVITY_TYPE"
},
...
}Nested Property: attributeDefinitionId
| Description | Specifies that the condition is based on matching the selected option(s) of an attribute. Provides the ID of the attribute definition to compare against the value array. |
| Type | String |
| Required | No |
| Value Format | ATTRIBUTE_DEFINITION_ID |
Example (fragment):
{
"field": {
"attributeDefinitionId": "123456"
},
...
}Property: operator
| Description | Specifies the logical operator used to evaluate the ID value(s) in the value array against the condition basis defined in the field object. |
| Type | String (enum) |
| Required | Yes |
| Values |
|
Example (fragment):
{
...
"operator": "IS_ONE_OF",
...
}Property: value
| Description | Specifies one or more Activity Type IDs, Activity Type Group IDs, or Attribute Option IDs to compare against the condition basis defined in the field object. |
| Type | Array of strings |
| Required | Yes |
| Value Format |
Determined by the property and value specified in the field object:
|
| Notes |
|
Tip
See Finding ID Codes for instructions on how to find Activity Type IDs, Activity Type Group IDs, Attribute Definition IDs, and Attribute Option IDs in Uptempo.
Example (fragment):
{
...
"value": ["123", "456", "789"]
}Finding ID Codes
If you create an access control statement with a conditions object, you must provide ID codes to uniquely identify activity types, activity type groups, attribute definitions, and attribute options.
In this section, you can find instructions for finding these ID codes in Uptempo.
Find Activity Type and Activity Type Group IDs
Use these instructions to find IDs with the value formats ACTIVITY_TYPE_ID and ACTIVITY_TYPE_GROUP_ID. These ID codes are valid for the value property.
To find ACTIVITY_TYPE_ID and ACTIVITY_TYPE_GROUP_ID codes, follow these steps:
-
Log in to your Uptempo instance. Click on
Activities in the navigation menu.The Activities section opens to the Timeline.
-
In the Timeline, click
Filter.The Filter by menu opens:
-
In the Select Condition menu for Type, select the condition is.
-
In the Set a value menu:
-
In the first panel, select the activity type group for which you want to find the ACTIVITY_TYPE_GROUP_ID.
-
Optional: In the second panel, select the activity type for which you want to find the ACTIVITY_TYPE_ID.
-
-
Click Apply.
The Filter by menu closes, and the Activities page refreshes.
-
In the browser URL bar, find the query string parameter beginning with filter=:
-
The value of this parameter provides the IDs for the selected activity type group and activity type:
-
The value will have the format typeGroupId~IS~tgXXX-tYYY, where:
-
XXX is a numeric string representing the ACTIVITY_TYPE_GROUP_ID (denoted by the prefix tg)
-
YYY is a numeric string representing the ACTIVITY_TYPE_ID (denoted by the prefix t).
-
-
Note that IDs are numeric only — do not include the t or tg prefix.
-
If you only specified an activity type group (but no activity type), the value will not include the -tYYY portion.
-
Find Attribute Definition IDs and Attribute Option IDs
Use these instructions to find IDs with the value format ATTRIBUTE_DEFINITION_ID and ATTRIBUTE_OPTION_ID. These ID codes are valid for the field.attributeDefinitionId and value properties, respectively.
To find ATTRIBUTE_DEFINITION_ID and ATTRIBUTE_OPTION_ID codes, follow these steps:
-
Log in to your Uptempo instance. Click on
Activities in the navigation menu.The Activities section opens to the Timeline.
-
In the Timeline, click
Filter.The Filter by menu opens:
-
In the Select Attribute menu, select the attribute for which you want to find the ATTRIBUTE_DEFINITION_ID.
-
In the Select Condition menu, select the condition is.
-
In the Set a value menu, select the attribute for which you want to find the ATTRIBUTE_OPTION_ID.
-
Click Apply.
The Filter by menu closes, and the Activities page refreshes.
-
In the browser URL bar, find the query string parameter beginning with filter=:
-
The value of this parameter provides the IDs for the selected attribute definition and attribute option:
-
The value will have the format tgXXX-tXXX-aYYY~IS~ZZZ, where:
-
YYY is a numeric string representing the ATTRIBUTE_DEFINITION_ID (denoted by the prefix a)
-
ZZZ is a numeric string representing the ATTRIBUTE_OPTION_ID
-
You can ignore the tgXXX and tXXX values
-
-
Note that IDs are numeric only — do not include the a prefix.
-
Tip
To get multiple IDs at once, select the condition is one of in the Select Condition menu, then select multiple activity type groups/activity types/attribute options in the Set a value menu.
The query string in the URL will display the IDs in the format filter=[...]~IOO~XXX%2CYYY%2CZZZ[...], where XXX, YYY, and ZZZ and so on are the requested IDs (the string %2C in between each ID is the HTML encoding for the comma symbol , that is used as a delimiter).
Note
You can also use the Allocadia (Uptempo) API to find Activity Type IDs, Activity Type Group IDs, Attribute Definition IDs, and Attribute Option IDs. This option is useful for quickly retrieving a large number of ID codes. The following endpoints will return ID codes:
-
All Activity Type IDs: GET /activity-types
-
All Activity Type Group IDs: GET /activity-type-groups
-
All Attribute Definition IDs: GET /attribute-definitions
-
All Attribute Option IDs (for a specified attribute): GET /attribute-definitions/{attributeDefinitionId}
For instructions on how to use the Uptempo API, refer to the API documentation.