Prohibit Modification for some selected users

Hello, I have a need to prohibit modification to a field for certain users only.

I tried to select multiple and open on new tab and prohibit there. I get an error.

I also tried to do it in Object Browser but cannot find a way. Is there a programmatic way to set prohibit on the specific users I need it set on?

Thank you,

Lu

  • Hi Lu,

    You could achieve this via the Edit Conditions on Permission Groups, or a Permission Group specifically for a set of users.

    Designer > Permissions > By Tables > "Person" Table

    You can modify the ability to View, Edit, Insert or Delete objects by the user's associated Permission Group.
    You can also go one layer down and assign conditions to these actions.

    For example:

    If you look at permission group "VI_Person_PrivateData_Userinterface_and_EditRights"
    There is an edit condition of "UID_Person = '%UserUID%'"

    This essentially ensures that the authenticated user can only modify their own data (For the specific fields that have the Edit permission) 

    You are able to create your own permission groups so you can limit / grant rights at the object/attribute layer.

    Have a read of below:

    https://support.oneidentity.com/technical-documents/identity-manager/8.1.3/authorization-and-authentication-guide/9#TOPIC-1480455

  • Hi Ryan,

    Thanks for the response and suggestions. I appreciate you taking the time.

    I just had a need to prohibit change for one field for a specific time frame. On around 100 hundred employees.

    Right now I can right click on the field one by one and prohibit. I was hoping I could just run something to do them all at once.

    I will investigate what you suggested further to see if that gets me what I need.

    Thank you,

    Lu

  • There should be a customizer method available at the person object called SetLockStateForDisplay that takes an array of strings of the column names as the first parameter and the locked state of type boolean as a second parameter.

    You just need to execute this method for each object in your code.

    The method does not work as I thought. It fetches the current LockState of an interactive entity and updates the edit permissions in the columns accordingly.

  • Markus,

    Thank you for getting back to me on the suggestion. I will give that a shot. It's a weird situation, but it seems I get a lot of weird asks.

    I appreciate all the help as always!

    Lu

    We attempted to use the code below to lock the columns, with no luck. Is something wrong with passing a string array to the method? Thank you in advance for any suggestions.

    Public Sub CCC_DBObjects_MethodCall(ByVal uidPerson As String)
        Dim retMessages As New System.Text.StringBuilder
        Dim dbPerson As IEntity
        Dim text As String = "EmployeeType|ContactEmail"

        ' Load the Person object
        dbPerson = Session.Source.Get("Person", uidPerson)

        Dim iColumns As String() = text.Split(New String() {"|"}, StringSplitOptions.None)

        Try
            ' Call customizer method SetLockStateForDisplay
            dbPerson.CallMethod("SetLockStateForDisplay", iColumns, True)

            ' Save to execute the method
            dbPerson.Save(Session)
        Catch ex As Exception
            ' Error handling
            retMessages.AppendLine(#LD("Error to lock the columns")#)
            retMessages.AppendLine(ex.ToString())
        End Try
    End Sub

  • Correct answer is to use the class VI.DB.Entities.EntityLock.

    Sample code is:

    Public Sub CCC_LockColumns(ObjectKey As String, ColumnNames As String(), LockType As EntityLockType)
        ' ENUM EntityLockType
        '   Append = 0
        '   Replace = 1
        '   Remove = 2
    
        ' Parameter validation
        If String.IsNullOrWhiteSpace(ObjectKey) Then Throw New ArgumentNullException(NameOf(ObjectKey), "No ObjectKey supplied.")
        If (ColumnNames Is Nothing) OrElse (ColumnNames.Count = 0) Then Throw New ArgumentNullException(NameOf(ColumnNames), "No column names array supplied.")
        If LockType < 0 OrElse LockType > 2 Then Throw New ArgumentOutOfRangeException(NameOf(LockType), "No valid entity lock type supplied. Valid values are 0 (Append), 1 (Replace) or 2 (Remove).")
    
        ' Create DBObjectKey
        Dim objKey = New DbObjectKey(ObjectKey)
    
        ' Get meta data for the table of the entity
        Dim dbTable = Session.MetaData().GetTable(objKey.Tablename)
        ' Get the UID of the DialogColumn entries for the ColumnNames
        Dim columnUIDs = ColumnNames.AvoidNull.Select(Function(c) dbTable.Columns(c).Uid)
    
        ' Get the entity
        Dim dbEntity As IEntity = Session.Source.Get(objKey, EntityLoadType.Interactive)
    
        ' Ensure that we are allowed to lock columns
        If Entities.EntityLock.IsAllowedAsync(Session).Result() Then
            ' Create a Unit of Work
            Using uow = Session.StartUnitOfWork()
                ' Lock the columns by creating the entries in QBMLock and changing XMarkedForDeletion
                Entities.EntityLock.LockColumnsAsync(uow, dbEntity, ColumnNames, LockType).Wait()
                uow.Put(dbEntity)
                uow.Commit()
            End Using
        End If
    End Sub

  •  I will give this a try. Thanks for the work on this.

    Lu