Programatically access users role


Author
Message
Philipp Guntermann
Philipp Guntermann
StrataFrame User (249 reputation)StrataFrame User (249 reputation)StrataFrame User (249 reputation)StrataFrame User (249 reputation)StrataFrame User (249 reputation)StrataFrame User (249 reputation)StrataFrame User (249 reputation)StrataFrame User (249 reputation)StrataFrame User (249 reputation)
Group: Forum Members
Posts: 141, Visits: 263
Is there a simple way to access the rules assigned to a specified user ?

this is what i got so far:

ISecurityUser U = MicroFour.StrataFrame.Security.SecurityBasics.CurrentUser;

MicroFour.StrataFrame.Security.BusinessObjects.SFSRolesBO RolesBO = new MicroFour.StrataFrame.Security.BusinessObjects.SFSRolesBO();

RolesBO.FillAllByUser(U.UserPK);

..

thanks Smile


Replies
Greg McGuffey
Greg McGuffey
Strategic Support Team Member (4.8K reputation)
Group: Forum Members
Posts: 2K, Visits: 6.6K
To get the roles, the code you originally posted will work nicely, I'd think.



However, I'm a bit confused about this statement:



...but it would be nice to read the roles of a user as well without having to assign some permission key to each role for identification.




This seems to suggest that you are conceptualizing that roles should be used to determine access to some feature in your application. This is not the case. Permissions are intended to be used to control access. This makes sense once you work it out. Permissions have an action (GRANT, READONLY, DENY) that determine access, while roles are simply containers for permissions. Thus the permission determines what access, while the role simply allows a set of permissions to be assigned to a user at once. Also, since multiple roles might use the same permission, with conflicting actions (i.e. one role might have an action of GRANT for a permission and another the action of DENY) AND the user might be directly assigned a permission, the SF RBS enforces the rules related to this (see help for more details). The GetPermission() method sorts all that out and returns the final verdict for any permission. In code, or via the SecurityKey setting in forms or BOs, you then set the security key that controls access to a feature. I hope that this makes sense (if it didn't already).



Of course, there could be many reasons you might also want to access the roles assigned to a user and for those uses, the SFS BOs are how you'd do it (and how you are doing it). And you don't have to assign permissions to a role for this to work. I.e. you can create empty roles (with no permissions assigned to the role) and then assign users to them. Also note that the RBS system is designed to allow the end users to create users, create roles and assign users to roles/permissions, unless you disable that feature. So, there could be roles you don't know about out in the field.



Hope that helps. If not, keep asking! BigGrin
Philipp Guntermann
Philipp Guntermann
StrataFrame User (249 reputation)StrataFrame User (249 reputation)StrataFrame User (249 reputation)StrataFrame User (249 reputation)StrataFrame User (249 reputation)StrataFrame User (249 reputation)StrataFrame User (249 reputation)StrataFrame User (249 reputation)StrataFrame User (249 reputation)
Group: Forum Members
Posts: 141, Visits: 263
Greg McGuffey (07/29/2008)
To get the roles, the code you originally posted will work nicely, I'd think.

However, I'm a bit confused about this statement:

...but it would be nice to read the roles of a user as well without having to assign some permission key to each role for identification.


This seems to suggest that you are conceptualizing that roles should be used to determine access to some feature in your application. This is not the case. Permissions are intended to be used to control access. This makes sense once you work it out. Permissions have an action (GRANT, READONLY, DENY) that determine access, while roles are simply containers for permissions. Thus the permission determines what access, while the role simply allows a set of permissions to be assigned to a user at once. Also, since multiple roles might use the same permission, with conflicting actions (i.e. one role might have an action of GRANT for a permission and another the action of DENY) AND the user might be directly assigned a permission, the SF RBS enforces the rules related to this (see help for more details). The GetPermission() method sorts all that out and returns the final verdict for any permission. In code, or via the SecurityKey setting in forms or BOs, you then set the security key that controls access to a feature. I hope that this makes sense (if it didn't already).

Of course, there could be many reasons you might also want to access the roles assigned to a user and for those uses, the SFS BOs are how you'd do it (and how you are doing it). And you don't have to assign permissions to a role for this to work. I.e. you can create empty roles (with no permissions assigned to the role) and then assign users to them. Also note that the RBS system is designed to allow the end users to create users, create roles and assign users to roles/permissions, unless you disable that feature. So, there could be roles you don't know about out in the field.

Hope that helps. If not, keep asking! BigGrin

hi greg,

yes i understand the permission based system. however i'd still want to have the oppertunity to pull the roles associated with a user through our class library, if only for display purposes.

I thought there might be away to get this information directly through the SecurityBasics class, rather than having to query the UserRolesBO. Tho it seems there isnt.

Thanks for you reply Smile

Greg McGuffey
Greg McGuffey
Strategic Support Team Member (4.8K reputation)
Group: Forum Members
Posts: 2K, Visits: 6.6K
Yes, I think currently, using the SFSUserRolesBO is the only way to access the roles used by a user. Of course, the SF security dialog also shows all the roles/permissions assigned for a user, so you have that option as well (but that probably doesn't work in your situation). You could, of course, make an enhancement suggestion BigGrin
GO

Merge Selected

Merge into selected topic...



Merge into merge target...



Merge into a specific topic ID...





Similar Topics

Reading This Topic

Login

Explore
Messages
Mentions
Search