Web Portal Profile Properties

I have the same question after looking around this is what I figured out. (Version: OneIM92)

projects\qer\src\lib\profile\profile.component.ts
Line 236: this.columns = (await this.projectConfig.getConfig()).PersonConfig.VI_PersonalData_Fields;

I could not find any configurable settings for 'VI_PersonalData_Fields' in the 'Administration Portal'
Administration Portal > Configuration > Webportal
Search: VI_PersonalData_Fields

There is an option for the Identity\Main Data' (what a manager sees for his employees)
Administration Portal > Configuration > Webportal
Search: VI_Employee_MasterData_Attributes

Feature configuration (QER)\Identity data / Personal data
Here you can add/remove the fields shown in the Identity\Main Data'

If you look futher in: projects\qer\src\lib\profile\profile.component.ts
Line 249: isReadOnly: () => !column.GetMetadata().CanEdit(),

I think here the read-only status is determined based on the 'CanEdit' property per column(field):
So the logged on user gets his rights via the base role VI_4_ALLUSER that has the permission group: VI_4_ALLUSER assigned.
The permisison group VI_4_ALLUSER has edit rights on the Person table filtered by Edit condition clause so only the person entry of the logged on user is shown.

exists (select top 1 1 from QER_FTPersonsAreMe_S('%UserUID%') f
where f.UID_Person=Person.UID_Person)

Don't take the following as advise or best practise. I'm not a webdeveloper, this is just my simple view on matters.
And I hope that someone more knowledgeable comes along and shares his advise.

Option 1 - Custom permission group for VI_4_ALLUSER
The bottom up approach would be to make a copy of the permission group VI_4_ALLUSER > CCC_VI_4_ALLUSER and remove the edit rights on the Person table.
or alter the Edit condition so only centain users can edit there profile.

pros:
- Most secure (lowest permission level)
- Configurable by admins, but be very careful!
- No/less web development needed 

cons:
- Major impact on OOTB configuration and future permission changes in VI_4_ALLUSER (updates/hotfixes have to be closely tracked and tested.)
- If you have issues and want support from Quest you will probably have to rollback to the default permission group config of VI_4_ALLUSER

Option 2 - Customize the API server: QER.CompositionApi.Server.PlugIn.dll
Extend the API server plugin with configurable settings for: VI_PersonalData_Fields for
1 Remove/Add fields shown in Profile Main Data setting
2 Option to overide fields that can be edited on the database level to read-only

pros:
- Secure
- Very easy to configure via the Admin portal

cons:
- Web development needed
- Customize the 'QER.CompositionApi.Server.PlugIn.dll' as far as I am aware this is closed source?

Option 3 - Customize Web front-end (HTML5 applications)
pros:
- Supported
- Relatively easy to configure when implemented: If you want to change the editability/visibility of a profile field you will have to redeploy the HTML app.

cons
- Web development needed
- Less secure (the permissions are still there via the API Server)

Regards,
Niels

I have the same question after looking around this is what I figured out. (Version: OneIM92)

projects\qer\src\lib\profile\profile.component.ts
Line 236: this.columns = (await this.projectConfig.getConfig()).PersonConfig.VI_PersonalData_Fields;

I could not find any configurable settings for 'VI_PersonalData_Fields' in the 'Administration Portal'
Administration Portal > Configuration > Webportal
Search: VI_PersonalData_Fields

There is an option for the Identity\Main Data' (what a manager sees for his employees)
Administration Portal > Configuration > Webportal
Search: VI_Employee_MasterData_Attributes

Feature configuration (QER)\Identity data / Personal data
Here you can add/remove the fields shown in the Identity\Main Data'

If you look futher in: projects\qer\src\lib\profile\profile.component.ts
Line 249: isReadOnly: () => !column.GetMetadata().CanEdit(),

I think here the read-only status is determined based on the 'CanEdit' property per column(field):
So the logged on user gets his rights via the base role VI_4_ALLUSER that has the permission group: VI_4_ALLUSER assigned.
The permisison group VI_4_ALLUSER has edit rights on the Person table filtered by Edit condition clause so only the person entry of the logged on user is shown.

exists (select top 1 1 from QER_FTPersonsAreMe_S('%UserUID%') f
where f.UID_Person=Person.UID_Person)

Don't take the following as advise or best practise. I'm not a webdeveloper, this is just my simple view on matters.
And I hope that someone more knowledgeable comes along and shares his advise.

Option 1 - Custom permission group for VI_4_ALLUSER
The bottom up approach would be to make a copy of the permission group VI_4_ALLUSER > CCC_VI_4_ALLUSER and remove the edit rights on the Person table.
or alter the Edit condition so only centain users can edit there profile.

pros:
- Most secure (lowest permission level)
- Configurable by admins, but be very careful!
- No/less web development needed 

cons:
- Major impact on OOTB configuration and future permission changes in VI_4_ALLUSER (updates/hotfixes have to be closely tracked and tested.)
- If you have issues and want support from Quest you will probably have to rollback to the default permission group config of VI_4_ALLUSER

Option 2 - Customize the API server: QER.CompositionApi.Server.PlugIn.dll
Extend the API server plugin with configurable settings for: VI_PersonalData_Fields for
1 Remove/Add fields shown in Profile Main Data setting
2 Option to overide fields that can be edited on the database level to read-only

pros:
- Secure
- Very easy to configure via the Admin portal

cons:
- Web development needed
- Customize the 'QER.CompositionApi.Server.PlugIn.dll' as far as I am aware this is closed source?

Option 3 - Customize Web front-end (HTML5 applications)
pros:
- Supported
- Relatively easy to configure when implemented: If you want to change the editability/visibility of a profile field you will have to redeploy the HTML app.

cons
- Web development needed
- Less secure (the permissions are still there via the API Server)

Regards,
Niels

Hi, as of v92 , I can see the configuration key ServerConfig/PersonConfig/VI_PersonalData_Fields in Administration->Configuration->Web Portal, and I'm able to select the fields. This key, at the very least, works in the latest github update for the qer-app-portal v92. 

Once selected in the administration portal,  if you want these columns to be readonly, the fastest could be accomplished by (there are other options as it has been very well detailed in the thread ) changing the line that's been pointed out in the profile.component.ts:

249:   //isReadOnly: () => !column.GetMetadata().CanEdit(),
249: isReadOnly: () => true,

, compile qer-app-portal and deploy the zip file to your custom folder.

Thank you for this!

I double checked it and the VI_PersonalData_Fields and it's there (Feature configuration (QER): Identity data / Writable attributes)

No thanks needed. I'm learning a lot with these questions!