Hello All,
I am trying to restrict access to input forms(specific input fields) and some attributes in the data schema for other Administrators. For this, I am using a custom named right "notSuperAdmin".
Code used in the input forms.
<container type="visibleGroup" visibleIf="HasNamedRight('notSuperAdmin')">
<!--- some input fields here--->
</container>
I also tried other variations.
hasNamedRight('notSuperAdmin')
hasNamedRight('notSuperAdmin')=true
Code for Schema:
<attribute name="email" label="email" accessibleIf="HasNamedRight('notSuperAdmin')"/>
The Out of box name right of 'admin' seems to work fine in the input forms.
Instance Build: 9349
Any help will be appreciated.
Solved! Go to Solution.
Views
Replies
Total Likes
Update 1:
I have managed to make it work for input forms. The named right method still didn't work.
Here is the workaround:
I am still working on the Schema condition. (continued..)
Hi @_Manoj_Kumar_ ,
You can check the following things if the code is not working as expected:
1. Ensure that the custom named right "notSuperAdmin" has been properly set up and assigned to the relevant users.
2. Your syntax for input forms & schema is correct.
3. Make sure the named right used in the code is referenced correctly, for example: HasNamedRight('notSuperAdmin') and not hasNamedRight('notSuperAdmin') or hasNamedRight('notSuperAdmin')=true.
If the code is still not working after these checks, you may first log out of the system and log back in, also clear your cache and cookies, or restart the application to see if that resolves the issue.
Views
Replies
Total Likes
Views
Replies
Total Likes
Also, the combination that suggested not to use is working if the named right is "admin".
Views
Replies
Total Likes
Hi @_Manoj_Kumar_ ,
If the code HasNamedRight('admin') is working as expected, but the code HasNamedRight('notSuperAdmin') is not; it could be a problem with configuring the custom named right "notSuperAdmin."
If the custom-named right is not properly defined, the HasNamedRight function will return false for all users, regardless of their assigned rights.
For the input forms:
<container type="visibleGroup" visibleIf="!HasNamedRight('notSuperAdmin')">
<!--- some input fields here--->
</container>
For the schema:
<attribute name="email" label="email" accessibleIf="!HasNamedRight('notSuperAdmin')"/>
Can you try using the ! operator to negate the result of the HasNamedRight function?
The ! operator inverts the Boolean value of an expression, so if the user does not have the named right "notSuperAdmin", the expression will evaluate to true.
Views
Replies
Total Likes
Hello @akshaaga
I want the condition to work only in case of a true return, not for a false one. Also, negation will not work if the original condition is not returning true.
Views
Replies
Total Likes
Hi @_Manoj_Kumar_ ,
In that case, you can use the following approach:
def original_condition():
# original condition code
return True # or False
if original_condition():
# code to be executed only if original_condition returns True
pass
In this example, the original_condition function returns either True or False. The if statement checks the result of original_condition() and only executes the code inside it if the result is True. If the result is False, the code inside the if statement is skipped.
Regarding the other solution suggested, I have checked, and that can be used.
The only downside is -
the accessibleIf attribute limits access to the middleName field to only admin, user1, and user2 users. And the visibleIf attribute makes the container for the middleName field only visible for admin, user1, and user2 users. This means that other administrators will not be able to access or see the middleName field.
Hello @akshaaga
The challenge here is the original condition HasNamedRight('notSuperAdmin') does not return anything. The response is always blank.
Views
Replies
Total Likes
Hi @_Manoj_Kumar_ ,
I had tested it by creating named rights 'testGroup'
accessibleIf="hasNamedRight('testGroup')"
The above syntax is correct, as I can able to restrict access for particular fields to few non-Admin operators and allow the same for few non-Admin operators.
But it doesn't worked when I tried the same syntax to restrict it for few admin.
Instead, the below approach had worked..
Tested it with nms:recipient @middleName field
Schema: nms:recipient
<attribute accessibleIf="$(login)=='admin' or $(login)=='user1' or $(login)=='user2'" dataPolicy="smartCase" desc="Middle name of recipient" label="Middle name" length="30" name="middleName" sqlname="sMiddleName" type="string"/>
Input Form:
<container colcount="1" label="middle name" name="middle name" type="visibleGroup"
visibleIf="$(login)=='admin' or $(login)=='user1' or $(login)=='user2'">
<input xpath="@middleName"/>
</container>
The above solution allowed user1, user2 operators can able to see middle name, whereas other admins cant able to see middle name.
Views
Replies
Total Likes
Hello @ParthaSarathy Yes, I am currently using the same. But the downside is every time a new operator wants access to this data then we will have to modify the schema.
The same is the case when there is a requirement to remove access.
Views
Replies
Total Likes
Hi @_Manoj_Kumar_ ,
Considering the below scenario,
Created a named rights 'testGroup' and assigned it to 'user4' alone (operatorGroup2)
In schema and input form, given the condition "hasNamedRight('testGroup')" for middle name field.
When logged in as 'user4' who has 'testGroup' named rights, I can see middle name.
Whereas When login as user5, I cant see middle name.
This makes a conclusion that "hasNamedRight('testGroup')" syntax works fine.
But when loggedin as admin (user1, user2, user3), though they dont have 'testGroup' named rights, can able to see middle name.
This is because administratior operator group has 'admin' named rights, and they have full access on the instance irrespective of other named rights.
So, to restrict a field for few admin account who already has full access on the instance, restricting using named rights is not helping.
$(login)=='user1' logic will work, but I agree with your point that there is a manual work to modify the schema when someone wants access or to remove. Very Glad and eager to know the optimized solution for this scenario from other community members!
Views
Replies
Total Likes
Update 1:
I have managed to make it work for input forms. The named right method still didn't work.
Here is the workaround:
I am still working on the Schema condition. (continued..)
Hi @_Manoj_Kumar_,
Glad that you got a workaround for your problem. Did you also check if by any chance your user with "notSuperAdmin" named right also had the "admin" named right? The condition might not have worked if the "admin" right already existed.
Let us know if that helped.
Regards,
Ishan
Views
Replies
Total Likes
Hello @isahore
Yes, Other operators are Admins as well. But that should not change anything.
I am not sure why, but the same hasNamedRight condition works in sysfilter within the same schema but does not work on an attribute.
Views
Replies
Total Likes
Views
Likes
Replies
Views
Likes
Replies