CA Service Management

 View Only
  • 1.  CASDM call_req view constraint with @root.role

    Posted 23 days ago
    Edited by Peter Schmidt 23 days ago

    Hi all,

    I want to restrict access to call_req view in context of logged in user's role.

    It should look like :

    (group.[group]group_list.member IN (@root.id) OR customer = @root.id) AND category = 'pcat:1002000' OR category != 'pcat:1002000' AND category != 'pcat:1000841' OR category = 'pcat:1000841' AND @root.role = 400202 OR category is null

    OR

    (group.[group]group_list.member IN (@root.id) OR customer = @root.id) AND category = 'pcat:1002000' OR category != 'pcat:1002000' AND category != 'pcat:1000841' OR category = 'pcat:1000841' AND 400202 IN @root.role OR category is null

    but both variants cannot be saved.

    What I want to reach out for is:

    I/R/P may not be viewed if logged in user has not correct role.

    Does anybody have any idea how to solve this?

    Thanks,

    Peter



  • 2.  RE: CASDM call_req view constraint with @root.role

    Posted 23 days ago

    As a workaround you can multiply roles and constraints - but I wanted to use one constraint for all similar working roles.

    Would be great when SQL translation also would allow comparison with constant values without adding Call_Req (i.e.).

    If you use

          @root.role  = 4711

    it is translated to SQL

          4711 = Call_Req.4711

    what causes the syntax-error.

    Would be great to get 

          4711 = 4711 

    in this case, what would be allowed.

    Regards,

    Peter




  • 3.  RE: CASDM call_req view constraint with @root.role

    Broadcom Employee
    Posted 23 days ago

    Hi Peter,

    As per your last update it seems 4711 is considered a column name , have you tried with AND @root.role = '400202' ?

    Sebastian




  • 4.  RE: CASDM call_req view constraint with @root.role

    Posted 23 days ago

    Hi Sebastion,

    yes, I tried everything you can think in this context ;-).

    everytime I get this syntax-problem.

    Thanks and regards,

    Peter




  • 5.  RE: CASDM call_req view constraint with @root.role

    Posted 18 days ago

    Hi Peter,

    I hit the same problem - I think (but would love someone to confirm) that it's related (somewhat) to the "Cartesian join" restriction.... basically, because it doesn't join both tables (it's your contact's data in it's table against a fixed value, doesn't reference the actual data table at all) it doesn't restrict those rows.... and it won't allow that.

    That's me vaguely reading between the lines on this:

    How to Set Up the Data Partition

    In the end I made it work by having constraints per role in addition to the group....