SOLVED
Custom Named right not working in Input Forms and Data schema
Hello All,
I am trying to restrict access to input forms(specific input fields) and some attributes in the data schema for other Administrators. For this, I am using a custom named right "notSuperAdmin".
Code used in the input forms.
<container type="visibleGroup" visibleIf="HasNamedRight('notSuperAdmin')">
<!--- some input fields here--->
</container>I also tried other variations.
hasNamedRight('notSuperAdmin')
hasNamedRight('notSuperAdmin')=true
Code for Schema:
<attribute name="email" label="email" accessibleIf="HasNamedRight('notSuperAdmin')"/>
The Out of box name right of 'admin' seems to work fine in the input forms.
Instance Build: 9349
Any help will be appreciated.
1 Accepted Solution
Correct answer by
Update 1:
I have managed to make it work for input forms. The named right method still didn't work.
Here is the workaround:
- Schema change: Create a Method in the related schema to call a JS library. Pass the named right and the output string as a parameter.
- JS library: A function in this JS library will receive the name right as an argument. Use the Js method to check operator has the required name right or not. If the name right is found, return true else, return false.
- Input form: Use the enter tag at the top of the form and use a SOAP call to invoke the method defined in the schema. Use the output variable to store the value returned by the JS method in a temp variable.
- Use this temp variable value in visibleIf condition.
I am still working on the Schema condition. (continued..)
Also, the combination that suggested not to use is working if the named right is "admin".
Hello @akshaaga
I want the condition to work only in case of a true return, not for a false one. Also, negation will not work if the original condition is not returning true.
Hello @akshaaga
The challenge here is the original condition HasNamedRight('notSuperAdmin') does not return anything. The response is always blank.
Hi @_Manoj_Kumar_ ,
I had tested it by creating named rights 'testGroup'
accessibleIf="hasNamedRight('testGroup')"The above syntax is correct, as I can able to restrict access for particular fields to few non-Admin operators and allow the same for few non-Admin operators.
But it doesn't worked when I tried the same syntax to restrict it for few admin.
Instead, the below approach had worked..
Tested it with nms:recipient @middleName field
Schema: nms:recipient
<attribute accessibleIf="$(login)=='admin' or $(login)=='user1' or $(login)=='user2'" dataPolicy="smartCase" desc="Middle name of recipient" label="Middle name" length="30" name="middleName" sqlname="sMiddleName" type="string"/>
Input Form:
<container colcount="1" label="middle name" name="middle name" type="visibleGroup"
visibleIf="$(login)=='admin' or $(login)=='user1' or $(login)=='user2'">
<input xpath="@middleName"/>
</container>
The above solution allowed user1, user2 operators can able to see middle name, whereas other admins cant able to see middle name.
Hello @ParthaSarathy Yes, I am currently using the same. But the downside is every time a new operator wants access to this data then we will have to modify the schema.
The same is the case when there is a requirement to remove access.
Hi @_Manoj_Kumar_ ,
Considering the below scenario,
- user1, user2, user3 are admins (has 'admin' named rights, as they are in 'Administrator' operator group)
- user4 belongs to operatorGroup2 (non - admin)
- user5 belongs to operatorGroup3 (non - admin)
Created a named rights 'testGroup' and assigned it to 'user4' alone (operatorGroup2)
In schema and input form, given the condition "hasNamedRight('testGroup')" for middle name field.
When logged in as 'user4' who has 'testGroup' named rights, I can see middle name.
Whereas When login as user5, I cant see middle name.
This makes a conclusion that "hasNamedRight('testGroup')" syntax works fine.
But when loggedin as admin (user1, user2, user3), though they dont have 'testGroup' named rights, can able to see middle name.
This is because administratior operator group has 'admin' named rights, and they have full access on the instance irrespective of other named rights.
So, to restrict a field for few admin account who already has full access on the instance, restricting using named rights is not helping.
$(login)=='user1' logic will work, but I agree with your point that there is a manual work to modify the schema when someone wants access or to remove. Very Glad and eager to know the optimized solution for this scenario from other community members!
Correct answer by
Update 1:
I have managed to make it work for input forms. The named right method still didn't work.
Here is the workaround:
- Schema change: Create a Method in the related schema to call a JS library. Pass the named right and the output string as a parameter.
- JS library: A function in this JS library will receive the name right as an argument. Use the Js method to check operator has the required name right or not. If the name right is found, return true else, return false.
- Input form: Use the enter tag at the top of the form and use a SOAP call to invoke the method defined in the schema. Use the output variable to store the value returned by the JS method in a temp variable.
- Use this temp variable value in visibleIf condition.
I am still working on the Schema condition. (continued..)
Hello @isahore
Yes, Other operators are Admins as well. But that should not change anything.
I am not sure why, but the same hasNamedRight condition works in sysfilter within the same schema but does not work on an attribute.
Related Conversations
