hide other users From Simplifier UI, but be able to get them from Server Side BO

  • Vasileios Thanasias
        Has successfully completed the online course Basics (100)
      1 year ago #38445

      Hello, I’m getting all the users that belong to a group via the command below.

      Simplifier.Group.getUsersByGroup(id);

      However, this requires the permission for the characteristic: [read] for Users.

      When I enable this permission, I can see the list of all Simplifier Users, which we need to hide due to GDPR policy. Is there any way to hide the list of other Simplifier users, while being able to user a command to the BO such as Simplifier.Group.getUsersByGroup(id);

      Jennifer Häfner
          Has successfully completed the online course Intermediate (200)
          Has successfully completed the online course Advanced (300)
          Has successfully completed the online course Basics (100)
          Has successfully completed the online course Advanced (310)
          Has successfully completed the online course Advanced (320)
          Has successfully completed the Intermediate Certification
          Has successfully completed the Advanced Certification
        1 year ago #38510
        Up
        1
        Down
        ::

        I have tested this procedure to make sure it really works. In the attachments, you can see how I achieved that the user ‘testroles’ only temporarily gets the permissions to read all users.

        Attachments:
        You must be logged in to view attached files.
        Jennifer Häfner
            Has successfully completed the online course Intermediate (200)
            Has successfully completed the online course Advanced (300)
            Has successfully completed the online course Basics (100)
            Has successfully completed the online course Advanced (310)
            Has successfully completed the online course Advanced (320)
            Has successfully completed the Intermediate Certification
            Has successfully completed the Advanced Certification
          1 year ago #38476
          Up
          0
          Down
          ::

          Hi Vasileios,

          There is currently no way to hide the users in the user list if the logged-in user has the permissions to read all users. I can think of this workaround, but I haven’t actually tested it:

          • Remove the permission to read all users –> the user list is not visible in the Simplifier UI. Instead, assign a role or an attribute to the user, like ‘canReadUsers’
          • However, the user needs the permission to read themselves and to read and assign roles
          • When the user logs in to the application, check inside a Server-Side Business Object (SBO) function if the user has the required role or attribute ‘canReadUsers’
          • If yes: use the SBO API  to assign a role to the logged-in user which includes the permission to read all users
          • Do the logic inside the application that you need to do (e.g., read users of a given group)
          • After that, in another SBO function, unassign the role which includes the permission to read all users again from the logged-in user –> the user only has this role to read all users for the necessary task inside the application

          Let me know if this works for you.

           

          Vasileios Thanasias
              Has successfully completed the online course Basics (100)
            1 year ago #38486
            Up
            0
            Down
            ::

            Hi Jennifer, thanks for the suggestion

            Unfortunately, the update operation didn’t work.

            var oUpdatedRole = Simplifier.Role.update(role.id, {name: role.roleName, active: true, description: “updated description”, assignedUsers: [oUser.id]});

            This gives an error: No Permission for read.

            However. if I don’t assign the role to the user, just update it, then it works.

            var oUpdatedRole = Simplifier.Role.update(role.id, {name: role.roleName, active: true, description: “updated description”});

            If I assign to the user the SF_Administrator, then it works. So I’m not sure which permission is missing.

            The user has already SF_AppUser role (can read self) + the custom role below

            Jennifer Häfner
                Has successfully completed the online course Intermediate (200)
                Has successfully completed the online course Advanced (300)
                Has successfully completed the online course Basics (100)
                Has successfully completed the online course Advanced (310)
                Has successfully completed the online course Advanced (320)
                Has successfully completed the Intermediate Certification
                Has successfully completed the Advanced Certification
              1 year ago #38507
              Up
              0
              Down
              ::

              Hi Vasileios,

              You said that you update the role to assign it to the user. Try to use Simplifier.User.assignRole(userNameOrID, roleID) and Simplifier.User.unassignRole(userNameOrID, roleID) to add/remove a role to a user.

              To get the correct roleID, execute Simplifier.Role.getAll() and copy the ID of the respective role.

              Vasileios Thanasias
                  Has successfully completed the online course Basics (100)
                1 year ago #38509
                Up
                0
                Down
                ::

                Hi,

                I already assigned the role as you recommended above. The user gets the role, however, I still have this error. The current user has no permission for the characteristic: [read] for Users.

                Can it be that the user has to login again? Because after a new login, the BO works normally.

              Viewing 6 posts - 1 through 6 (of 6 total)

              You must be logged in to reply to this topic.