Additional optional argument to shotgun API sudo_as_login which can choose to retain the script user's permissions

We would like to request an additional optional argument to shotgun API initialization so that when using the sudo_as_login method, we can choose to retain the script user's permissions. So it might look like this:

sg = Shotgun(SGsite.SERVER_PATH, SGsite.SCRIPT_NAME, SGsite.SCRIPT_KEY, sudo_as_login="joe.public", retain_permissions=True)

In this situation everything works exactly the same as before retain_permissions was set to True, except that following api calls will be working under the permissions of the script user, rather than under those of "joe.public".

The motivation for this request is that in order to prevent users from putting in bad data, we would like to remove broad permissions from "joe.public". But this means that he also cannot enter good data on the shotgun webpage. So we would provide him with a script-based tool that will do proper data validation and then use the above api to make the changes on the shotgun back-end.

As a result, in shotgun, the history on the changes would show that "joe.public" has made the changes, and the event log would show that it was really done through the script user.

1 comment

  • 0
    Tony Aiello

    Agreed, this would be a cool feature!

    However, you can work-around this limitation with set_session_uuid as noted in https://support.shotgunsoftware.com/hc/en-us/community/posts/115004295453 .

    This isn't even requesting a permissions change -- it's just asking to use a specified HumanUser's name in the EventLogEntry's created_by field with the actual script used in the event's Meta field, very similar to how sudo_as_login works.  That said, the set_session_uuid trick is nice in that both fields are still sort-able + filter-able, while EventLogEntry.meta cannot be used for sorting + filtering.

Please sign in to leave a comment.