CA Service Management

Hi all,

I want to restrict access to call_req view in context of logged in user's role.

It should look like :

(group.[group]group_list.member IN (@root.id) OR customer = @root.id) AND category = 'pcat:1002000' OR category != 'pcat:1002000' AND category != 'pcat:1000841' OR category = 'pcat:1000841' AND @root.role = 400202 OR category is null

OR

(group.[group]group_list.member IN (@root.id) OR customer = @root.id) AND category = 'pcat:1002000' OR category != 'pcat:1002000' AND category != 'pcat:1000841' OR category = 'pcat:1000841' AND 400202 IN @root.role OR category is null

but both variants cannot be saved.

What I want to reach out for is:

I/R/P may not be viewed if logged in user has not correct role.

Does anybody have any idea how to solve this?

Thanks,

Peter

As a workaround you can multiply roles and constraints - but I wanted to use one constraint for all similar working roles.

Would be great when SQL translation also would allow comparison with constant values without adding Call_Req (i.e.).

If you use

      @root.role  = 4711

it is translated to SQL

      4711 = Call_Req.4711

what causes the syntax-error.

Would be great to get 

      4711 = 4711 

in this case, what would be allowed.

Regards,

Peter

Hi all,

I want to restrict access to call_req view in context of logged in user's role.

It should look like :

(group.[group]group_list.member IN (@root.id) OR customer = @root.id) AND category = 'pcat:1002000' OR category != 'pcat:1002000' AND category != 'pcat:1000841' OR category = 'pcat:1000841' AND @root.role = 400202 OR category is null

OR

(group.[group]group_list.member IN (@root.id) OR customer = @root.id) AND category = 'pcat:1002000' OR category != 'pcat:1002000' AND category != 'pcat:1000841' OR category = 'pcat:1000841' AND 400202 IN @root.role OR category is null

but both variants cannot be saved.

What I want to reach out for is:

I/R/P may not be viewed if logged in user has not correct role.

Does anybody have any idea how to solve this?

Thanks,

Peter

Hi Peter,

As per your last update it seems 4711 is considered a column name , have you tried with AND @root.role = '400202' ?

Sebastian

As a workaround you can multiply roles and constraints - but I wanted to use one constraint for all similar working roles.

Would be great when SQL translation also would allow comparison with constant values without adding Call_Req (i.e.).

If you use

      @root.role  = 4711

it is translated to SQL

      4711 = Call_Req.4711

what causes the syntax-error.

Would be great to get 

      4711 = 4711 

in this case, what would be allowed.

Regards,

Peter

Hi all,

I want to restrict access to call_req view in context of logged in user's role.

It should look like :

(group.[group]group_list.member IN (@root.id) OR customer = @root.id) AND category = 'pcat:1002000' OR category != 'pcat:1002000' AND category != 'pcat:1000841' OR category = 'pcat:1000841' AND @root.role = 400202 OR category is null

OR

(group.[group]group_list.member IN (@root.id) OR customer = @root.id) AND category = 'pcat:1002000' OR category != 'pcat:1002000' AND category != 'pcat:1000841' OR category = 'pcat:1000841' AND 400202 IN @root.role OR category is null

but both variants cannot be saved.

What I want to reach out for is:

I/R/P may not be viewed if logged in user has not correct role.

Does anybody have any idea how to solve this?

Thanks,

Peter

Hi Sebastion,

yes, I tried everything you can think in this context ;-).

everytime I get this syntax-problem.

Thanks and regards,

Peter

Hi Peter,

As per your last update it seems 4711 is considered a column name , have you tried with AND @root.role = '400202' ?

Sebastian

As a workaround you can multiply roles and constraints - but I wanted to use one constraint for all similar working roles.

Would be great when SQL translation also would allow comparison with constant values without adding Call_Req (i.e.).

If you use

      @root.role  = 4711

it is translated to SQL

      4711 = Call_Req.4711

what causes the syntax-error.

Would be great to get 

      4711 = 4711 

in this case, what would be allowed.

Regards,

Peter

Hi all,

I want to restrict access to call_req view in context of logged in user's role.

It should look like :

(group.[group]group_list.member IN (@root.id) OR customer = @root.id) AND category = 'pcat:1002000' OR category != 'pcat:1002000' AND category != 'pcat:1000841' OR category = 'pcat:1000841' AND @root.role = 400202 OR category is null

OR

(group.[group]group_list.member IN (@root.id) OR customer = @root.id) AND category = 'pcat:1002000' OR category != 'pcat:1002000' AND category != 'pcat:1000841' OR category = 'pcat:1000841' AND 400202 IN @root.role OR category is null

but both variants cannot be saved.

What I want to reach out for is:

I/R/P may not be viewed if logged in user has not correct role.

Does anybody have any idea how to solve this?

Thanks,

Peter