Securing Folder Extension Permissions and ActionsLast Updated: 07/29/2016 Introduced in Verision: 2.0 |
Folder extension actions can be removed by modifying the data structure in their respective Designer Folder. Custom folder extension actions can be secured with the Flow Designer by checking the users group membership.
Example
In our example, we will restrict the actions that a user can perform on Car folders. This is done by removing the actions: Delete, Edit, Add Comment, Add Document, Manage Permissions, Move Folder, Add Sub Folder, Add ToDo, and Change Name. We will also modify the existing Edit Car action to only allow members of the Car Managers group to edit a car.
By default, Car folders are configured to show our custom Edit Car action, as well as default actions for Editing, Adding, Deleting, Moving, Renaming and changing the permissions of such a folder.
In the resulting Edit Folder Extension Data Structure pop-up, clear the checkboxes for: Show Delete Action, Show Edit Action, Show Add Comment, Show Add Document, Show Manage Permissions, Show Move Folder, Show Add Sub Folder, Show Add ToDo and Show Change Name. With our changes completed, click the Save button.
Next, modify our custom Edit Car action so that only members of the Car Managers group can edit a car. Navigate to the Designer Folder that contains the folder for the folder extension Transportation.CarFolderBehavior. Select the Edit Car flow and click the Edit link to open it in the Flow Designer.
Begin by removing the outcome path connecting our Get Car component to the [Form] Edit Car Form component.
To get a list of the groups of which the current user is a member, use the Get My Groups component. It can be found in the Toolbox tab, under the category Integration > Internal Services > GroupService. After connecting it to our flow, rename its output to “MyGroups.”
Next we will use the String Is In List Case Sensitive component to test whether the group “Car Managers” is one of the groups to which the current user belongs. It can be found in the Toolbox tab, under the category Data > Text. After connecting it to our flow, set the caseInsensitive property to True and define value as “Car Managers.”
To finish configuring this component, map the output MyGroups > All EntityName to list.
If the current user is not a member of the “Car Managers” group, we would like to display an alternate form that lets the user know why they are unable to edit this Car folder. For this, we will use a pre-designed form which we’ll find in the Toolbox tab, under the category Forms [Interaction] > [Root Folder] > Designer Entities > Insufficient Permissions Form. Place this form in the workspace and connect the relevant outcomes.
As a courtesy, we will also use this form to display the details of the car, although the user will not be able to edit them. To complete this configuration, open the mapping editor and map the properties of the Car object to the labels defined in our form: CarColor, CarMake, CarModel and Car Year.
This completes our edits of the Edit Car flow, so we will save the flow and close the Flow Designer.
Back in the portal, navigate to our Car folder and select the Edit Car action. When we do, we will be shown the Insufficient Permissions Form.
To make our current user qualified to run the Edit Car action, navigate to System > Security > Accounts and select the current user. In that account’s action menu, we will select Add/Remove Groups.
In the resulting Add/Remove Groups pop-up, click the Add button.
In the resulting Select Group pop-up will select Car Managers and click OK twice to complete the change.
Now, when we run the same Edit Car action, we will be shown the Edit Car form and be allowed to make changes to this Car folder.
