Hi all,
I’m trying to clarify the permission model for calling AIP Logic through the API using a Foundry Personal Access Token (PAT).
Questions:
- Does the caller always need full read access to:
  - The Compass project containing the AIP Logic
  - All ontology object types referenced (even if not all are returned in a given call)
  - The underlying datasets powering those objects?
- Or does AIP Logic run “in the caller’s security context,” automatically limiting results to only the ontology objects the caller is permitted to see?
- If the logic references (or can reference) 10 object types, and the caller only has access to 4:
  - Will the execution succeed and transparently filter to those 4?
  - Will missing permissions cause partial errors or a hard failure? Or even full access to all 10 object types?
- What is the best practice for safely exposing AIP Logic endpoints to end users with heterogeneous permissions?
We want to avoid over‑granting read access to entire Compass projects or datasets just so someone can trigger a logic endpoint. At the same time, we need predictable behavior when users have only partial ontology visibility.
Thanks!