CA Service Management

 View Only
  • 1.  CASDM call_req view constraint with @root.role

    Posted Jun 16, 2025 03:59 AM
    Edited by Peter Schmidt Jun 16, 2025 05:47 AM

    Hi all,

    I want to restrict access to call_req view in context of logged in user's role.

    It should look like :

    (group.[group]group_list.member IN (@root.id) OR customer = @root.id) AND category = 'pcat:1002000' OR category != 'pcat:1002000' AND category != 'pcat:1000841' OR category = 'pcat:1000841' AND @root.role = 400202 OR category is null

    OR

    (group.[group]group_list.member IN (@root.id) OR customer = @root.id) AND category = 'pcat:1002000' OR category != 'pcat:1002000' AND category != 'pcat:1000841' OR category = 'pcat:1000841' AND 400202 IN @root.role OR category is null

    but both variants cannot be saved.

    What I want to reach out for is:

    I/R/P may not be viewed if logged in user has not correct role.

    Does anybody have any idea how to solve this?

    Thanks,

    Peter



  • 2.  RE: CASDM call_req view constraint with @root.role

    Posted Jun 16, 2025 07:26 AM

    As a workaround you can multiply roles and constraints - but I wanted to use one constraint for all similar working roles.

    Would be great when SQL translation also would allow comparison with constant values without adding Call_Req (i.e.).

    If you use

          @root.role  = 4711

    it is translated to SQL

          4711 = Call_Req.4711

    what causes the syntax-error.

    Would be great to get 

          4711 = 4711 

    in this case, what would be allowed.

    Regards,

    Peter




  • 3.  RE: CASDM call_req view constraint with @root.role

    Broadcom Employee
    Posted Jun 16, 2025 07:39 AM

    Hi Peter,

    As per your last update it seems 4711 is considered a column name , have you tried with AND @root.role = '400202' ?

    Sebastian




  • 4.  RE: CASDM call_req view constraint with @root.role

    Posted Jun 16, 2025 07:47 AM

    Hi Sebastion,

    yes, I tried everything you can think in this context ;-).

    everytime I get this syntax-problem.

    Thanks and regards,

    Peter




  • 5.  RE: CASDM call_req view constraint with @root.role

    Posted Jun 20, 2025 01:17 PM

    Hi Peter,

    I hit the same problem - I think (but would love someone to confirm) that it's related (somewhat) to the "Cartesian join" restriction.... basically, because it doesn't join both tables (it's your contact's data in it's table against a fixed value, doesn't reference the actual data table at all) it doesn't restrict those rows.... and it won't allow that.

    That's me vaguely reading between the lines on this:

    How to Set Up the Data Partition

    In the end I made it work by having constraints per role in addition to the group....