Prohibit Modification for some selected users

Hello, I have a need to prohibit modification to a field for certain users only.

I tried to select multiple and open on new tab and prohibit there. I get an error.

I also tried to do it in Object Browser but cannot find a way. Is there a programmatic way to set prohibit on the specific users I need it set on?

Thank you,

Lu

  • Hi Lu,

    You could achieve this via the Edit Conditions on Permission Groups, or a Permission Group specifically for a set of users.

    Designer > Permissions > By Tables > "Person" Table

    You can modify the ability to View, Edit, Insert or Delete objects by the user's associated Permission Group.
    You can also go one layer down and assign conditions to these actions.

    For example:

    If you look at permission group "VI_Person_PrivateData_Userinterface_and_EditRights"
    There is an edit condition of "UID_Person = '%UserUID%'"

    This essentially ensures that the authenticated user can only modify their own data (for the specific fields that have the Edit permission).

    You are able to create your own permission groups so you can limit / grant rights at the object/attribute layer.

    Have a read of below:

    https://support.oneidentity.com/technical-documents/identity-manager/8.1.3/authorization-and-authentication-guide/9#TOPIC-1480455

  • Hi Ryan,

    Thank you for the response and suggestions. I appreciate you taking the time.

    I just had a need to prohibit change for one field for a specific time frame. On around 100 hundred employees.

    Right now I can right click on the field one by one and prohibit. I was hoping I could just run something to do them all at once.

    I will investigate what you suggested further to see if that gets me what I need.

    Thank you,

    Lu

  • There should be a customizer method available at the person object called SetLockStateForDisplay that takes an array of strings of the column names as the first parameter and the locked state of type boolean as a second parameter.

    You just need to execute this method for each object in your code.

    The method does not work as I thought. It fetches the current LockState of an interactive entity and updates the edit permissions in the columns accordingly.

  • Markus,

    Thank you for getting to me on the suggestion. I will give that a shot. It's a weird situation but it seems I get a lot of weird asks.

    I appreciate all the help as always!

    Lu
