Securing Folder Entity Permissions and ActionsLast Updated: 07/29/2016 Introduced in Verision: 2.0 |
Folder entity actions are actions which can be taken upon a folder entity. Default folder entity actions can be removed or added by editing the data structure in System > Common Data Elements > Data Structures. Custom folder entity actions can be secured by checking group memberships within those flows, found at System > Common Data Elements > Entity Actions > [MyFolderEntity].
Example
In our example, we will restrict users’ ability to edit a CarPassenger entity once its been created. Our CarPassenger entity already has a pre-designed action called Change Seat Position, and which allows us to change only a Car Passengers seat position. To ensure that this the only editing action users have, we will remove the Edit Object action. We will also modify the Change Seat Position action so that only Car Managers can change a Car Passengers seat position. If an unauthorized user attempts this action, they will be shown a form that displays the details of the Car Passenger and a message telling them that their permissions are insufficient.
Our example assumes that we have already designed the Insufficient Permissions to Change Seat Form.
We will begin in the portal by navigating to System > Common Data Elements > Data Structures. (This data structure could also reside in a Designer Folder.) Select the CarPassenger folder entity and select the action Edit Defined Data Structure.
In the resulting Edit Folder Entity Data Structure pop-up, clear the Show Edit Action checkbox and click Save.
When we navigate to our Car folder and open the actions menu for a CarPassenger folder entity, notice that the Edit Object action is no longer displayed.
Next, we will secure the Change Seat Position action so that only Car Managers can take this action. Navigate to System > Common Data Elements > Entity Actions > UserType.VehiclePassenger. (This Entity Action folder could also reside in a Designer Folder.) Select the Change Seat Position flow and click Edit to open it in the Flow Designer.
Begin by removing the outcome path that connects the Get VehiclePassenger By Id component to the Change Seat Position Form component.
Next, we will get a list of the groups to which the current user belongs. Find the Get My Groups component in the Toolbox tab, under the category Integration > Internal Services > GroupService. We will place this component in our flow and put in the Done path of the Get VehiclePassenger By Id component, and rename the output “MyGroups.”
Next, we will check whether the current user is a member of the Car Managers group. To do this, place a String Is In List Case Sensitive component in the Done path of our Get My Groups component. We will find it in the Toolbox tab, under the category Data > Text.
Next, we will map the inputs of the String Is In List Case Sensitive component. Set caseInsensitive to True and value to “Car Managers.” To search for Car Managers among the names of our current users groups, we will map My Groups > All EntityName to list.
Next, we will direct unauthorized users to the Insufficient Permissions to Change Seat Form. Find this form in Forms [Interaction ] > [Root Folder ] > Designer Entities.
We will also open the Mapping Editor and map the relevant properties of the CarPassenger we retrieved earlier to the form. Click OK to save our mappings and close the Mapping Editor.
Once we’ve connected all of our remaining outcomes, this will complete our changes. We will save our flow and close the Flow Designer.
Back in the portal, when we attempt to perform the Change Seat Position action, we will be shown the Insufficient Permissions to Change Seat Form.
