cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

How to disable the UI task based on the Country of the user

former_member198652
Active Participant

on ‎01-21-2016 5:55 AM

0 Kudos

Hello Experts,

We have a requirement to hide/ disable the UI task. Previously we have role based access to this task.

The UI task should be enabled to the users who has the below roles and are from BE country.

We have modified the filter in the Access Control tab with the below query.

After modifying this, the UI task is always disabled/ hidden to all the logged in users even though they have the role.

Can you please help how to fix this issue

Thanks

Jay

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (3)

Answers (3)

former_member198652
Active Participant
‎01-21-2016 9:00 AM
0 Kudos

Hi,

We would like to check the country of the logged in user and if the country is BE for that user, then need to enable this UI task. For all other country users, this UI task needs to be disabled/ hidden


Regards,

Jay

Show replies
Show replies
terovirta
Active Contributor
‎01-21-2016 9:15 AM
0 Kudos

Enable based on logged-in user's country or the country of the user in IdStore?

For user in IdStore, try then "mskey = %mskey%"

regards, Tero

jaisuryan
Active Contributor
‎01-22-2016 6:06 AM
0 Kudos

hmmmmm, if for logged-in user, I don't think you will be able to do it without SQL filter on your UI task. I havent tried this solution but I hope it works.

1) In your Identity store node, uncheck "Use simplified access control" check box.

2) Then in your UI task "Access control" tab, add new access control. In "Allow access for" field select "Filter" option which wouldn't be available if step-1 is not done.

3) select Build SQL query or type in the selection query which returns all mskeys of users who should be allowed to execute the UI task.

I think it would be,

select mskey from idmv_value_basic where attrname = 'MX_ADDRESS_COUNTRY' and searchvalue = 'BE' and mskey in (select mskey from idmv_vallink_basic where mcattrname = 'MXREF_MX_ROLE' and mcsearchvalue = '<Role MSKEYVALUE>')

This will have adverse effect on the performance on UI side as SQL will be executed every time the user logs in use the task. This is not recommended.

Let me know if it worked.

Kind regards,

Jai

Private_Member_347780
Explorer
‎04-14-2016 12:55 PM
0 Kudos

This message was moderated.

terovirta
Active Contributor
‎01-21-2016 8:54 AM
0 Kudos

With "MSKEY=%adminmskey%" you enable only the logged in user to execute the UI for their own record, is this what you want to do?

Show replies
Show replies
Steffi_Warnecke
Active Contributor
‎01-21-2016 8:48 AM
0 Kudos

Hello Jay,

I see a lot of not so great stuff going on with that sql statement. Using the value instead of the searchvalue for example. And the vallink view, when the value_basic would be quite good enough.

And the add of the adminmskey, too.

But I think, the main problem is, that you confuse the fields ("allow access for" and "on behalf of") of the access control. The second filter is for the entry the users of the first filter can use this UI mask on.

If you want to filter the users, who can use the mask, not the content you can use it for, then you have to put the filter in the first field (where you have just the role at the moment).

Take a look at the IDM help for the access control to get a better understanding of this.

Regards,

Steffi.

Show replies
Show replies
Ask a Question