Skip to main content
Version: On prem: 15.0.3

Request Access – Show/hide resources based on User Group membership

This configuration aims to limit the selection of resources that users can request based on their group membership. By implementing this solution we ensure that users only have access to resources relevant to their user group.

  1. Create a Lookup multi-value reference property that is referring to the User Group data object type, and add it to the resource form.

note

You need to find the correct view (Select Object(s)). In the default script file OIM_AccessRequest.js the UID for omada.accessRequest.selectionViewUId is = 957e4809-3ddf-4267-bbf1-7eb7ba1db22f.

  1. Go to SQL troubleshooting and search in the OIS database for:
SELECT *
  FROM [OIS].[dbo].[viewDataObjectView]
 WHERE[UID] = '957e4809-3ddf-4267-bbf1-7eb7ba1db22f'

You should have the following result:

Then copy the ID (In this case: 1000497).

  1. Go to the Selection view for access request and in the URL change viewed with the ID from the database. After refreshing you will find the view Select Object(s):
  1. Add the access modifier: ReferredGroupMembershipAccessModifier and the parameters GROUPPROPERTY=C_REQUESTABLE_BY:

As mentioned in the considerations below, it could be beneficial to import resources with constant stating that Everyone is allowed to select the resource.

Considerations

Categorization of Resources:
Resources that are not categorized will not appear in the request access process. It is recommended to import resources with a default category of “Employee” to ensure they are requestable.

User Group Restrictions:
This configuration restricts active users to select only the resources requestable by their user group. However, users with different group memberships can request resources on behalf of the initial requester, even if those resources are not visible to the initial requester.

User group reference property:
In later versions, the property USERGROUPREF has been added to the resource form, and this property can be used instead of creating your own reference property. It is a single-value property and if multiple user groups need to request the resource, this property should be modified to a multi-value property. In the Select Object(s) view you will then need to use the same access modifier and in the parameters type GROUPPROPERTY=USERGROUPREF.