I have one class: ClassA and 2 Roles (Groups): Role1, Role2.
Users from Role1 and Role2 can work only with their own objects from ClassA. This means Role1 may create, edit, view and delete only objects which it created before. Role2 has the same permissions, but for its own objects.
How to configure it:
1) Can it work on the editor attribute?
2) If yes: how to configure the filter for the display list?
1) Do I need to create a domain between Roles and ClassA?
2) If yes: how to configure that, when a user of Role1 creates a new object, this Role1 is automatically assigned to this object?
If I understand correctly your needs, you can use the "privileges on rows" (Administrator Manual, page 64), filtering the rows on some useful attribute. CMDBuild Team
For filtering rows on some attribute I must have this attribute, for example "Role" or "Department".
My questions are "do I have another way, without an attribute?" and, if no, "how can I configure this attribute so that it is filled automatically when a user from "Role" or "Department" creates with it"
Previously Tecnoteca wrote:
If I understand correctly your needs, you can use the "privileges on rows" (Administrator Manual, page 64), filtering the rows on some useful attribute. CMDBuild Team
Can I use a reference to the group of users for automatically filling the attribute?
For example, user "Ann" creates an object of ClassA which contains a reference attribute (domain ClassA - Groups of Users). This attribute is "Only for Read" for users, but the system, for the filter reference, fills the domain with "Finance department", like for user "Ann"?
How to configure the filter reference for that?
Ann is an operator in the Group named "Finance department".
We have thought a bit about your requirement and we think that the following solution will do the trick.
Set row-privileges based on a stored-procedure. The stored-procedure must have exactly the following in/out parameters:
IN "UserId" integer, IN "GroupId" integer, IN "ClassName" character varying, OUT "Number" integer
and must return a SETOF integer.
The function must return the list of the Id of the cards where the value of the "User" column matches the username corresponding to the UserId (i.e. the current user).
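One way to write the function described above, as an added PostgreSQL example that is not part of the original post and not CMDBuild's own code. It assumes users are stored in a table "User" with columns "Id" and "Username", and that each class is a table named after the class with "Id" and "User" columns; the function name is hypothetical.

```sql
-- Added example. Assumptions (not stated in the thread):
--   * table "User" has columns "Id" and "Username"
--   * the class table is named after the class and has "Id" and "User" columns
--   * own_cards_filter is a hypothetical name
CREATE OR REPLACE FUNCTION own_cards_filter(
    IN  "UserId"    integer,
    IN  "GroupId"   integer,            -- required by the signature, unused here
    IN  "ClassName" character varying,
    OUT "Number"    integer
) RETURNS SETOF integer AS
$$
DECLARE
    current_username text;
BEGIN
    -- Resolve the username of the user the filter is evaluated for.
    SELECT u."Username"
      INTO current_username
      FROM "User" u
     WHERE u."Id" = own_cards_filter."UserId";

    -- Fail closed: an unknown user sees no rows.
    IF current_username IS NULL THEN
        RETURN;
    END IF;

    -- Fail closed as well if the class name does not resolve to a table.
    IF to_regclass(quote_ident(own_cards_filter."ClassName")) IS NULL THEN
        RETURN;
    END IF;

    -- %I quotes the class name as an identifier, so it cannot inject SQL;
    -- the username is passed as a bound parameter, never concatenated.
    RETURN QUERY EXECUTE format(
        'SELECT c."Id"::integer FROM %I c WHERE c."User" = $1',
        own_cards_filter."ClassName"
    ) USING current_username;
END;
$$ LANGUAGE plpgsql;

-- Manual check with constructed values: ids visible to user 42 in ClassA.
-- SELECT * FROM own_cards_filter(42, 7, 'ClassA');
```

Because the filter runs in the database and is attached to the group's row privileges, users cannot switch it off the way they can with a filter applied in the interface.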
Correct me if I'm wrong but I think that CMDBuild allows by default only setting rights per user group. Thus everyone in the same group sees the same.
Thanks, J
Previously Maxim wrote:
Thank you for the solution.
It works.
Previously Tecnoteca wrote:
We have thought a bit about your requirement and we think that the following solution will do the trick.
Set row-privileges based on a stored-procedure. The stored-procedure must have exactly the following in/out parameters:
IN "UserId" integer, IN "GroupId" integer, IN "ClassName" character varying, OUT "Number" integer
and must return a SETOF integer.
The function must return the list of the Id of the cards where the value of the "User" column matches the username corresponding to the UserId (i.e. the current user).
LoginUser (filled by trigger from user table depending on responsible user)
For a user group I have to limit the visibility of entries to those the LoginUser is responsible for.
I have created a working standard filter, but users can disable it. So, it is not secure.
So, a function for use as a filter in the groups & permissions section is needed.
I made some attempts with the jsonb expression from the filter (@MY_USER), mentioned above - no success.