I hit the same problem - I think (but would love someone to confirm) that it's related (somewhat) to the "Cartesian join" restriction.... basically, because it doesn't join both tables (it's your contact's data in it's table against a fixed value, doesn't reference the actual data table at all) it doesn't restrict those rows.... and it won't allow that.
That's me vaguely reading between the lines on this:
How to Set Up the Data Partition
In the end I made it work by having constraints per role in addition to the group....
Original Message:
Sent: Jun 16, 2025 07:47 AM
From: Peter Schmidt
Subject: CASDM call_req view constraint with @root.role
Hi Sebastion,
yes, I tried everything you can think in this context ;-).
everytime I get this syntax-problem.
Thanks and regards,
Peter
Original Message:
Sent: Jun 16, 2025 07:38 AM
From: Sebastian Nagy
Subject: CASDM call_req view constraint with @root.role
Hi Peter,
As per your last update it seems 4711 is considered a column name , have you tried with AND @root.role = '400202' ?
Sebastian
Original Message:
Sent: Jun 16, 2025 07:26 AM
From: Peter Schmidt
Subject: CASDM call_req view constraint with @root.role
As a workaround you can multiply roles and constraints - but I wanted to use one constraint for all similar working roles.
Would be great when SQL translation also would allow comparison with constant values without adding Call_Req (i.e.).
If you use
@root.role = 4711
it is translated to SQL
4711 = Call_Req.4711
what causes the syntax-error.
Would be great to get
4711 = 4711
in this case, what would be allowed.
Regards,
Peter
Original Message:
Sent: Jun 16, 2025 03:59 AM
From: Peter Schmidt
Subject: CASDM call_req view constraint with @root.role
Hi all,
I want to restrict access to call_req view in context of logged in user's role.
It should look like :
(group.[group]group_list.member IN (@root.id) OR customer = @root.id) AND category = 'pcat:1002000' OR category != 'pcat:1002000' AND category != 'pcat:1000841' OR category = 'pcat:1000841' AND @root.role = 400202 OR category is null
OR
(group.[group]group_list.member IN (@root.id) OR customer = @root.id) AND category = 'pcat:1002000' OR category != 'pcat:1002000' AND category != 'pcat:1000841' OR category = 'pcat:1000841' AND 400202 IN @root.role OR category is null
but both variants cannot be saved.
What I want to reach out for is:
I/R/P may not be viewed if logged in user has not correct role.
Does anybody have any idea how to solve this?
Thanks,
Peter