Community Advisor

Solved

Custom Named right not working in Input Forms and Data schema

Forum|Forum|3 years ago
February 10, 2023
3 replies
2614 views

Hello All,

I am trying to restrict access to input forms(specific input fields) and some attributes in the data schema for other Administrators. For this, I am using a custom named right "notSuperAdmin".

Code used in the input forms.

 <container type="visibleGroup" visibleIf="HasNamedRight('notSuperAdmin')">
<!--- some input fields here--->
</container>

I also tried other variations.

hasNamedRight('notSuperAdmin')

hasNamedRight('notSuperAdmin')=true

Code for Schema:

<attribute name="email" label="email" accessibleIf="HasNamedRight('notSuperAdmin')"/>

The Out of box name right of 'admin' seems to work fine in the input forms.

Instance Build: 9349

Any help will be appreciated.

This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.

Best answer by Manoj_Kumar

Update 1:

I have managed to make it work for input forms. The named right method still didn't work.

Here is the workaround:

Schema change: Create a Method in the related schema to call a JS library. Pass the named right and the output string as a parameter.
JS library: A function in this JS library will receive the name right as an argument. Use the Js method to check operator has the required name right or not. If the name right is found, return true else, return false.
Input form: Use the enter tag at the top of the form and use a SOAP call to invoke the method defined in the schema. Use the output variable to store the value returned by the JS method in a temp variable.
Use this temp variable value in visibleIf condition.

I am still working on the Schema condition. (continued..)

akshaaga

Adobe Employee

Hi @_manoj_kumar_ ,

You can check the following things if the code is not working as expected:

1. Ensure that the custom named right "notSuperAdmin" has been properly set up and assigned to the relevant users.

2. Your syntax for input forms & schema is correct.

3. Make sure the named right used in the code is referenced correctly, for example: HasNamedRight('notSuperAdmin') and not hasNamedRight('notSuperAdmin') or hasNamedRight('notSuperAdmin')=true.

If the code is still not working after these checks, you may first log out of the system and log back in, also clear your cache and cookies, or restart the application to see if that resolves the issue.

Manoj_Kumar

Author

Community Advisor

Hello @akshaaga

I have already tried all this but no luck.

Manoj | https://themartech.pro

Manoj_Kumar

Author

Community Advisor

Also, the combination that suggested not to use is working if the named right is "admin".

Manoj | https://themartech.pro

ParthaSarathy

Community Advisor

Hi @_manoj_kumar_ ,

I had tested it by creating named rights 'testGroup'

accessibleIf="hasNamedRight('testGroup')"

The above syntax is correct, as I can able to restrict access for particular fields to few non-Admin operators and allow the same for few non-Admin operators.

But it doesn't worked when I tried the same syntax to restrict it for few admin.

Instead, the below approach had worked..

Tested it with nms:recipient @middleName field

Schema: nms:recipient

Input Form:

The above solution allowed user1, user2 operators can able to see middle name, whereas other admins cant able to see middle name.

~ ParthaSarathy S~ Click here to join ADOBE CAMPAIGN USER GROUP for Quarterly In-person | Hybrid | Virtual Meetups

Manoj_Kumar

Author

Community Advisor

Hello @parthasarathy Yes, I am currently using the same. But the downside is every time a new operator wants access to this data then we will have to modify the schema.

The same is the case when there is a requirement to remove access.

Manoj | https://themartech.pro

ParthaSarathy

Community Advisor

Hi @_manoj_kumar_ ,

Considering the below scenario,

user1, user2, user3 are admins (has 'admin' named rights, as they are in 'Administrator' operator group)
user4 belongs to operatorGroup2 (non - admin)
user5 belongs to operatorGroup3 (non - admin)

Created a named rights 'testGroup' and assigned it to 'user4' alone (operatorGroup2)

In schema and input form, given the condition "hasNamedRight('testGroup')" for middle name field.

When logged in as 'user4' who has 'testGroup' named rights, I can see middle name.
Whereas When login as user5, I cant see middle name.
This makes a conclusion that "hasNamedRight('testGroup')" syntax works fine.

But when loggedin as admin (user1, user2, user3), though they dont have 'testGroup' named rights, can able to see middle name.
This is because administratior operator group has 'admin' named rights, and they have full access on the instance irrespective of other named rights.

So, to restrict a field for few admin account who already has full access on the instance, restricting using named rights is not helping.
$(login)=='user1' logic will work, but I agree with your point that there is a manual work to modify the schema when someone wants access or to remove. Very Glad and eager to know the optimized solution for this scenario from other community members!

~ ParthaSarathy S~ Click here to join ADOBE CAMPAIGN USER GROUP for Quarterly In-person | Hybrid | Virtual Meetups

Manoj_Kumar

AuthorAccepted solution

Community Advisor

Update 1:

I have managed to make it work for input forms. The named right method still didn't work.

Here is the workaround:

Schema change: Create a Method in the related schema to call a JS library. Pass the named right and the output string as a parameter.
JS library: A function in this JS library will receive the name right as an argument. Use the Js method to check operator has the required name right or not. If the name right is found, return true else, return false.
Input form: Use the enter tag at the top of the form and use a SOAP call to invoke the method defined in the schema. Use the output variable to store the value returned by the JS method in a temp variable.
Use this temp variable value in visibleIf condition.

I am still working on the Schema condition. (continued..)

Manoj | https://themartech.pro

isahore

Community Advisor

Hi @_manoj_kumar_,

Glad that you got a workaround for your problem. Did you also check if by any chance your user with "notSuperAdmin" named right also had the "admin" named right? The condition might not have worked if the "admin" right already existed.

Let us know if that helped.

Regards,

Ishan

Manoj_Kumar

Author

Community Advisor

Hello @isahore

Yes, Other operators are Admins as well. But that should not change anything.

I am not sure why, but the same hasNamedRight condition works in sysfilter within the same schema but does not work on an attribute.

Manoj | https://themartech.pro

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded