PermissionDialog

Overview of the PermissionDialog control and how to assign permissions, including decrypt.

Features

  • Role and user assignments
  • Inline checkboxes for permissions
  • Helper to grant SYSTEM decrypt for internal services

Decrypt Permission

  • The enum now includes VIEW_DECRYPTED. Granting this to SYSTEM allows server-side services (e.g., LLM controller) to decrypt secure fields without exposing secrets to anonymous clients.
  • From the dialog, click “Grant SYSTEM decrypt” to add an assignment with username SYSTEM and permission VIEW_DECRYPTED.

Security Notes

  • Anonymous users never gain READ of secure fields via this setting; decryption is used internally for server-to-server calls.
  • You must still restrict endpoints that return sensitive objects; avoid exposing secure fields directly in API responses.
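
The two notes above, sketched as an added example (not the project's own code): a server-side read that decrypts only for a principal holding VIEW_DECRYPTED, and a client-facing serializer that drops secure fields regardless of assignments. The `Assignment` type, the function names, the `api_key` field and the `decrypt` callable are assumptions made for illustration; only `SYSTEM` and `VIEW_DECRYPTED` come from this page.

```python
from dataclasses import dataclass
from enum import Enum


class Permission(Enum):            # hypothetical stand-in for the page's enum
    VIEW_DECRYPTED = "VIEW_DECRYPTED"


@dataclass(frozen=True)
class Assignment:                  # hypothetical: one username/permission row
    username: str
    permission: Permission


SECURE_FIELDS = {"api_key"}        # constructed: names of fields stored encrypted


def grant_system_decrypt(assignments):
    """Same effect as the dialog button; granting twice changes nothing."""
    return set(assignments) | {Assignment("SYSTEM", Permission.VIEW_DECRYPTED)}


def can_decrypt(username, assignments):
    # Exact match only: anonymous callers (username None) never qualify.
    if username is None:
        return False
    return Assignment(username, Permission.VIEW_DECRYPTED) in assignments


def read_for_service(record, username, assignments, decrypt):
    """Internal server-to-server read. Secure fields are decrypted for a
    principal holding VIEW_DECRYPTED and omitted for everyone else."""
    allowed = can_decrypt(username, assignments)
    out = {}
    for key, value in record.items():
        if key not in SECURE_FIELDS:
            out[key] = value
        elif allowed:
            out[key] = decrypt(value)
    return out


def to_api_response(record):
    """Client-facing serializer: secure fields never leave the server,
    whatever the assignments say."""
    return {k: v for k, v in record.items() if k not in SECURE_FIELDS}
```

Keeping the serializer independent of the assignment list means a later grant of VIEW_DECRYPTED cannot widen what an endpoint returns.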