Merge pull request #2961 from port-labs/task_t4iypz/view-action-runs-permission-fixed

hadar-co · web-flow · commit 3c23a91cb680 · 2025-10-30T15:15:34.000+02:00
add permission to view action runs
diff --git a/docs/actions-and-automations/create-self-service-experiences/set-self-service-actions-rbac/set-self-service-actions-rbac.md b/docs/actions-and-automations/create-self-service-experiences/set-self-service-actions-rbac/set-self-service-actions-rbac.md
@@ -114,6 +114,58 @@ Add the `requiredApproval` field to your action:
 </TabItem>
 </Tabs>
 
+## Configure visibility for action runs
+
+When creating or editing a self-service action, you can also control who can **view its runs**, using the relevant toggle in the `Permissions` tab.
+
+
+- **When enabled (default):** All organization members can view the action’s runs.
+- **When disabled:**  
+  - **Admins** can view all runs.  
+  - **Approvers** can view runs they are assigned to approve.  
+  - **Members** can only view their own runs.
+
+This ensures that sensitive operational data remains accessible only to authorized users, while maintaining flexibility and transparency where needed.
+
+
+<Tabs groupId="config-method" queryString values={[
+{label: "UI", value: "ui"},
+{label: "API", value: "api"},
+]}>
+
+<TabItem value="ui">
+
+<img src='/img/self-service-actions/rbac/viewRunAccess.png' width='70%' border='1px' />
+
+</TabItem>
+
+<TabItem value="api">
+
+Add the `isViewRunAccess` field to your action:
+
+```json showLineNumbers
+[
+  {
+    ...
+    "invocationMethod": {
+      "type": "WEBHOOK",
+      "url": "https://example.com"
+    },
+    "trigger": {
+      ...
+      "operation": "CREATE",
+    }
+    // highlight-next-line
+    "isViewRunAccess": true,
+    ...
+  }
+]
+```
+
+</TabItem>
+
+</Tabs>
+
 ### Define approval notifications
 
 By default manual approval notifications are sent via **Email** to users who have [approval permissions](#define-approvers).
diff --git a/docs/actions-and-automations/reflect-action-progress/reflect-action-progress.md b/docs/actions-and-automations/reflect-action-progress/reflect-action-progress.md
@@ -37,6 +37,11 @@ In addition to the methods mentioned above, `admins` can find action runs using
 - Go the [entity page](/customize-pages-dashboards-and-plugins/page/entity-page.md) of your desired entity, then select the `Runs` tab.  
    This page will display all action runs that have been executed for the selected Entity.
 
+## Who can view action runs
+
+Run visibility is controlled by the action’s permissions. See [Configure visibility for action runs](/actions-and-automations/create-self-service-experiences/set-self-service-actions-rbac/#configure-visibility-for-action-runs) for details.
+
+
 ## Fetch an action run
 
 Once an `actionRun` is created, it will have a unique `runId`. Using this id, you can interact with the action run using Port's API. 
diff --git a/static/img/self-service-actions/rbac/viewRunAccess.png b/static/img/self-service-actions/rbac/viewRunAccess.png
