SOOO handy to have the ability to invoke Coda Admin API functionality through a pack.
I am trying to better leverage IAM capabilities from our Microsoft Entra AIM, specifically, using groups to manage access to certain resources on Coda. Here is one problem I am trying to solve:
- Let’ say I have 4 groups: Managers, Admins, Project A team, Project B team (I know, I am using roles and projects which should be user attributes)
- I would like to give edit access to all Managers of Project A team to Project A’s Coda doc, and view Access to all Project A’s Admins.
- Possible solutions:
3a. I could start multiplying the number of groups by creating all permutations, or
3b. I could use boolean logic to define access, which is impractical as the number of combinations to maintain manually increase pretty quickly (what if I have now VPs, Project Managers, Project controllers, Admins and 40 projects… that’d be 4 roles per 40 projects = 160 groups!), I could use in Entra security attributes to users and create dynamic groups based on these attributes, but that’s even more work now: assign multiple attributes to each user, create each dynamic group based on those attributes, etc… - Problem: I understand access to docs on Coda are always an “OR”: if I add Managers to Project A, all Managers (including those on Project that are not Project A get added). If I add Project A team I get everyone in that project (irrespective of whether they are managers or admins) added to the doc with the same permission. WHat I need is an “AND” for membership in both teams (in Managers AND in Project A team, so I can get the managers in Project A).
- Possible workaround: I can manage what users can see and do on Coda itself with locking and filters, as long as I can see who belongs to each group: I provide edit access to all Project A team members, and depending on whether theyr are found on the Managers or Admins group, I can define a lot of what they can see or do on Coda itself (not exactly the same as an edit/comment/view document but close enough for my purposes)
ASK for the CODA team: could you please include in the Coda Admin Pack tables that list the users who are members of a given group? Coda API provides that functionality - our team eventually will be able to create a pack to do that, but I believe it would be such a great addition to the Admin Pack’s functionality!