feat: Public Actor Permissions #2053
Conversation
|
|
||
| ### Resource permissions | ||
|
|
||
| The `resourcePermissions` field expresses **what operations your Actor needs on the user-selected storage(s)**. It is evaluated at run start and used to expand a [Limited-permissions Actor's](../../permissions/index.md#) scope to be able to access the resource sent via Actor's input. |
There was a problem hiding this comment.
I'd be more explicit about this impacting only limited permission Actors.
If your Actor runs with limited permissions, it needs to declare what kind of access it requires to resources provided by users through input.
Also an example could help:
For example, if your Actor supports outputting into user-provided storage, it'll require write access on that storage.
| - `["READ"]` — the Actor may read from the referenced resource(s). | ||
| - `["READ", "WRITE"]` — the Actor may read and write to the referenced resource(s). | ||
|
|
||
| Notes: |
There was a problem hiding this comment.
Let's mention that this will be communicated to the users via the form (the tooltip).
There was a problem hiding this comment.
This is the copy that needs to be updated. Let's not forget about updating this screenshot as well.
| slug: /actors/development/permissions | ||
| --- | ||
|
|
||
| **Learn how to declare and manage permissions for your Actor, what access levels mean, and how to build secure, trusted Actors for Apify users.** |
There was a problem hiding this comment.
"access level" is not really a term that we use. We have "permission level".
|
|
||
| --- | ||
|
|
||
| Every time a user runs your Actor, it runs under their Apify account. **Actor Permissions** is an Actor level setting that defines the level of access your Actor needs to be able to run. This gives users transparency and control over what data your Actor can access, building trust in your tools. |
There was a problem hiding this comment.
(nit) This intro paragraph reads a bit awkward to me. Not sure what "access" means.... also I'd mention the inspiration from "sandboxed" apps on mobile permissions.
|
|
||
| --- | ||
|
|
||
| Every time a user runs your Actor, it runs under their Apify account. **Actor Permissions** is an Actor level setting that defines the level of access your Actor needs to be able to run. This gives users transparency and control over what data your Actor can access, building trust in your tools. |
There was a problem hiding this comment.
Re your Actor: Keep in mind that this documentation should serve all users, not just publishers. You might not own any Actors and still be interested in how you are protected.
I would consider three main parts of the documentation:
- What are Actor permissions. This should be for all users. Somewhat corresponding to Nish's blog post.
- Actor development and permissions. This should be for Actor creators / publishers. Somewhat corresponding to the community documentation (excluding ofc stuff from the first part).
- Migration guide for existing full permission Actors. Targeted at existing Actor publishers. Most of this will be already covered in the previous section but there are a few migration-specific parts (such as how to take care of existing shared cache).
No description provided.