Filtering Data explorer sections based on user application role

Hello everyone,

I'm working on a custom permission group and a custom application role based on it.

The request is to filter the sections in the data explorer section of the portal such as user account and system roles based on the user application role that is named like "UAM Team - ASIA", where "ASIA" can change based on the user country.

The UNSRootB has a custom field called "CCC_RegionalScope" and it will be "ASIA" in the previous case or different based on the country.

The UNSRootB description has the same value as the field CustomProperty01 in the ESet table.

I added a viewing condition to the tables UNSAccountB and ESet in the permission group associated as below:

UNSAccountB:

UID_UNSRootB IN
(SELECT R.UID_UNSRootB From PersonInAERole PIAE
JOIN AERole A ON PIAE.UID_AERole = A.UID_AERole
JOIN UNSRootB R ON 'UAM Team - ' + R.CCC_RegionalScope = A.Ident_AERole
WHERE PIAE.UID_Person = '%UserUID%')

ESet:

CustomProperty01 IN
(SELECT R.Description FROM PersonInAERole PIAE
JOIN AERole A ON PIAE.UID_AERole = A.UID_AERole
JOIN UNSRootB R ON 'UAM Team - ' + R.CCC_RegionalScope = A.Ident_AERole
WHERE PIAE.UID_Person = '%UserUID%')

I used the same queries in the edit and insert condition and they work correctly.

I cannot edit or insert ESet and UNSAccountB when they are different from my country.

But the viewing condition does not filter the data explorer list in each section.

Is there a way to filter these sections based on the values I have?

Thank you!

Francesco

  • Per default the permission group 'VI_4_ALLUSER_LOOKUP' gives all users view permissions.

    So your options are

    Change on database level
    Create custom permission group 'CCC_4_ALLUSER_LOOKUP' (copy of VI_4_ALLUSER_LOOKUP) without these viewing permissions and assign persons to that group.

    But a better, less impactful option is to place a filter on the APIserver endpoint.

    Example for ESet
    https://.../apiserver93/portal/admin/role/eset

    Administration Portal > Configuration: Web Portal (click on: three dots icon)
    Create configuration key
    Select where to add the configuration key: API method configuration
    Enter the API method name, replacing slashes with underscores, for example "itshop_cart".
    Name of the new configuration key: admin_role_eset
    [Create]

    Search: admin_role_eset

    Property configuration
    API method configuration / admin_role_eset / Filter condition
    Specify a filter condition (WHERE clause). To refer to the identifier of the current user, use the %useruid% variable.
    Value: [your custom query]
    PropertyConfig/MethodConfiguration/admin_role_eset/WhereClause

    [Apply] (*) Apply globally [Apply]

    HTH!
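
A way to check the filter condition against sample rows before pasting it into the WhereClause key, as an added T-SQL example that is not part of the original thread. The temp tables, the SampleName column and all row values are constructed for illustration; only the table and column names used in the query come from the posts.

```sql
-- Added example: constructed data in temp tables, modelling only the columns
-- named in this thread. SampleName is a hypothetical label column.
CREATE TABLE #AERole (UID_AERole varchar(38), Ident_AERole nvarchar(256));
CREATE TABLE #PersonInAERole (UID_Person varchar(38), UID_AERole varchar(38));
CREATE TABLE #UNSRootB (UID_UNSRootB varchar(38), Description nvarchar(256),
                        CCC_RegionalScope nvarchar(64));
CREATE TABLE #ESet (SampleName nvarchar(64), CustomProperty01 nvarchar(256));

INSERT INTO #AERole VALUES
  ('role-asia', N'UAM Team - ASIA'),
  ('role-emea', N'UAM Team - EMEA');
-- user-a is in one regional role, user-b in two; user-c (queried below)
-- has no "UAM Team - ..." role at all.
INSERT INTO #PersonInAERole VALUES
  ('user-a', 'role-asia'),
  ('user-b', 'role-asia'),
  ('user-b', 'role-emea');
INSERT INTO #UNSRootB VALUES
  ('root-1', N'Sample target ASIA', N'ASIA'),
  ('root-2', N'Sample target EMEA', N'EMEA'),
  ('root-3', N'Sample target unscoped', NULL);   -- regional scope not maintained
INSERT INTO #ESet VALUES
  (N'eset-asia',     N'Sample target ASIA'),
  (N'eset-emea',     N'Sample target EMEA'),
  (N'eset-unscoped', N'Sample target unscoped'),
  (N'eset-empty',    NULL);                      -- CustomProperty01 not set

-- The filter condition from the thread, evaluated once per test user.
-- U.UID_Person stands in for the user variable the portal substitutes.
SELECT U.UID_Person, E.SampleName
FROM (VALUES ('user-a'), ('user-b'), ('user-c')) AS U(UID_Person)
CROSS JOIN #ESet E
WHERE E.CustomProperty01 IN (
        SELECT R.Description
        FROM #PersonInAERole PIAE
        JOIN #AERole A ON PIAE.UID_AERole = A.UID_AERole
        JOIN #UNSRootB R ON N'UAM Team - ' + R.CCC_RegionalScope = A.Ident_AERole
        WHERE PIAE.UID_Person = U.UID_Person)
ORDER BY U.UID_Person, E.SampleName;

DROP TABLE #ESet, #UNSRootB, #PersonInAERole, #AERole;
```

With SQL Server's default NULL handling, a NULL CCC_RegionalScope makes the concatenated role name NULL and a NULL CustomProperty01 never satisfies IN, so objects with unmaintained scope data are hidden from every user rather than shown to all. A user without a matching "UAM Team - ..." role gets no rows.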