About this configuration feature in the API server going by the name 'Filters for object selection what does it do, and how does it work?
I tried to configure this feature leaving me a bit confused...
One Identity Manager Administrator Portal: Configuration > Web Portal > Three-dots icon > Create configuration key
Filters for object selection
Specify filter conditions (WHERE clauses) for foreign key columns. Enter column names in the format "<Table name>.<Column name>" (e.g. "MyTable.FirstColumn"). To refer to base object values, use the "%ColumnName%" syntax and to refer to the identifier of the current user, use the "%useruid%" variable.
Filters for object selection by table
(Specify filter conditions (WHERE clauses) for foreign key columns. Enter table names in the format "<TableName>" (e.g. "MyTable"). To refer to base object values, use the "%ColumnName%" syntax and to refer to the identifier of the current user, use the "%useruid%" variable.)
I configured the following:
Filters for object selection / Person.IsTemporaryDeactivated (PropertyConfig/FkWhereClausesByColumn/Person)
%IsTemporaryDeactivated% = 0
Filters for object selection by table / Person (PropertyConfig/FkWhereClausesByTable/Person)
%IsTemporaryDeactivated% = 0
The config file: inetpub\wwwroot\ApiServerDev\bin\CCC.CompositionApi.global.json
{"Scopes":[{"AppliesTo":"portal","Ignore":false,"Data":{"PropertyConfig/FkWhereClausesByTable/Person":"%IsInActive% = 0","PropertyConfig/FkWhereClausesByColumn/Person":"%IsInActive% = 0"}}],"AppliesTo":null,"Ignore":false,"Data":null}
Logged in with a user that is manager of some accounts and has the following application role: Identity Management\Identities\Administrators
I couldn't see any difference all the temporary deactivated identities where still visible under "My Direct Reports" and in the "Data Explorer\Identities"
Changed the value of 'PropertyConfig/FkWhereClausesByTable/Person' without the %%
Filters for object selection by table / Person (PropertyConfig/FkWhereClausesByTable/Person)
IsTemporaryDeactivated = 0
Did didn't change much only the following URL returned a filtered response:
itshop.groot.net/.../candidates
API server logging:
Classification risk: 0, fp: , hash: , trusted hash: , already checked: False, tries: 0, last try: - ago, where clause: (isnull(IsInActive, 0) = 0) and (IsTemporaryDeactivated = 1)
When I rolled back to the original value: %IsTemporaryDeactivated% = 0
The log showed this:
Classification risk: 0, fp: , hash: , trusted hash: , already checked: False, tries: 0, last try: - ago, where clause: (isnull(IsInActive, 0) = 0) and (0 = 0)
