Prohibit Modification for some selected users

Hello, I have a need to prohibit modification to a field for certain users only.

I tried to select multiple and open on new tab and prohibit there. I get an error.

I also tried to do it in Object Browser but cannot find a way. Is there a programmatic way to set prohibit on the specific user I need it set on?

Thank you,

Lu

  • Hi Lu,

    You could achieve this via the Edit Conditions on Permission Groups, or a Permission Group specifically for a set of users.

    Designer > Permissions > By Tables > "Person" Table

    You can modify the ability to View, Edit, Insert or Delete objects by the user's associated Permission Group.
    You can also go one layer down and assign conditions to these actions.

    For example:

    If you look at permission group "VI_Person_PrivateData_Userinterface_and_EditRights"
    There is an edit condition of "UID_Person = '%UserUID%'"

    This essentially ensures that the authenticated user can only modify their own data (for the specific fields that have the Edit permission).

    You are able to create your own permission groups so you can limit / grant rights at the object/attribute layer.

    Have a read of below:

    https://support.oneidentity.com/technical-documents/identity-manager/8.1.3/authorization-and-authentication-guide/9#TOPIC-1480455

  • Hi Ryan,

    Thanks for the response and suggestions. I appreciate you taking the time.

    I just had a need to prohibit change for one field for a specific time frame. On around 100 hundred employees.

    Right now I can right click on the field one by one and prohibit. I was hoping I could just run something to do them all at once.

    I will investigate what you suggested further to see if that gets me what I need.

    Thank you,

    Lu

  • There should be a customizer method available at the person object called SetLockStateForDisplay that takes an array of strings of the column names as the first parameter and the locked state of type boolean as a second parameter.

    You just need to execute this method for each object in your code.

  • Markus,

    Thank you for getting back to me on the suggestion. I will give that a shot. It's a weird situation but it seems I get a lot of weird asks.

    I appreciate all the help as always!

    Lu

    We attempted to use the code below to lock the columns, with no luck. Is something wrong with passing a string array to the method? Thank you in advance for any suggestions.

    Public Sub CCC_DBObjects_MethodCall(ByVal uidPerson As String)
        Dim retMessages As New System.Text.StringBuilder
        Dim dbPerson As IEntity
        Dim text As String = "EmployeeType|ContactEmail"

        ' Load the Person object
        dbPerson = Session.Source.Get("Person", uidPerson)

        Dim iColumns As String() = text.Split(New String() {"|"}, StringSplitOptions.None)

        Try
            ' Call customizer method SetLockStateForDisplay
            dbPerson.CallMethod("SetLockStateForDisplay", iColumns, True)

            ' Save to execute the method
            dbPerson.Save(Session)
        Catch ex As Exception
            ' Error handling
            retMessages.AppendLine(#LD("Error to lock the columns")#)
            retMessages.AppendLine(ex.ToString())
        End Try
    End Sub