[Fabian]

1 year ago #34986

Hi all.

We have the following user structure:

• Company  User 1
  • Agency 1
    • User 1 (admin)
    • User 2 (user)
    • User..
  • Agency 2
    • User 1 (admin)
    • User 2 (user)
    • User..
  • Agency …

We want to filter information according to the role/group (or what ever suits the purpose) and show only data to the user that is relevant for her. Doing this  the “company user” shall see all the data of all users; “Agency admin” user shall see all data of all useres of the agency (but not from another agency); Agency users shall only see their data.

Is there a good parctise to set up the user and rights management in simplifier to easily set such a structre up?

 

[Jennifer Häfner Has successfully completed the online course Intermediate (200)Has successfully completed the online course Advanced (300)Has successfully completed the online course Basics (100)Has successfully completed the online course Advanced (310)Has successfully completed the online course Advanced (320)Has successfully completed the Intermediate CertificationHas successfully completed the Advanced Certification]

1 year ago #34993

Up

1

Down

::

Hi Fabian,

We do not have a ‘one-fits-all’ type of solution for user management, because it highly depends on the individual scenario, but here a few suggestions:

• In general, we recommend organizing your applications/roles/users on your Simplifier instance within projects. In projects, you can define roles for design time (project roles), which are assigned to users that should work on or test the applications inside the project, as well as roles for runtime (business roles), that are assigned to the end users of the apps.
• We recommend to assign project roles and business roles via groups. So in a project, you can create groups and assign specific roles to these groups. When a new user joins the project and is added to the group, they automatically get all the roles from the group.
• In your case, I think there are two options: 1) Create one project for your application. Create a group for each agency X, and assign the role ‘user_agencyX’ to the group. For admin users, manually assign the role ‘admin_agencyX’ additionally. 2) Create a project with your application for each agency, then create a group with the role ‘user’ for all normal users, and a group with the role ‘admin’ for all admin users
• To filter the data, you also have options: 1) When using connector calls in the Process Designer, you can use the connector filter. In the filter UI, you can define specifications on how the data should be filtered (e.g., show only data where name = ‘xyz’). Also, you can configure that the filter specifications are only valid for specific roles (e.g., only if the user has the role ‘user’, the filter is applied). 2) With the server-side business object User API, you can check which business roles the currently logged in user has or if the user is assigned to a specific project. You can use this information as input for your backend system, to filter the data accordingly.

Here are some links to our documentation, for further reading:

• Roles and Rights (how to work with projects): https://community.simplifier.io/doc/operators-guide/roles-and-rights/
• Connector Filters: https://community.simplifier.io/doc/current-release/applications/process-dashboard-and-designer/data-objects/filters-for-connectors/
• Server-Side Business Object API (User API): https://community.simplifier.io/doc/current-release/applications/business-objects/create-business-objects/business-object-api/#1595935924487-1b934132-c392

 

I hope this information is helpful for your use case. Let me know if you have further questions.