Click or drag to resize

Omada.OE.AppLogic.AccessModifiers Namespace

 
Classes
  ClassDescription
Public classAccessModifierBase
Tip: Inherit from either CommonAccessModifierBase or ViewAccessModifierBase instead of this class!
Public classActivityAccessModifier

The access modifier gives read access to activity instance data objects which the active user has either created or has a work item for. The access modifier doesn't affect access to activity template data objects.

--- ADMINGROUPS is deprecated! Use the ActivityAccessModifier authorization element to control permissions --- The access modifier supports the parameter ADMINGROUPS which can be used to specify a number of user groups who's members should have READ+UPDATE access to all activity instances. The value of ADMINGROUPS must be a comma delimited string with user group uids. If ADMINGROUPS is not specified then the value defaults to the built-in Administrators group. If ADMINGROUPS is specified then the built-in Administrators group must be included in order to have READ+UPDATE access. --- ADMINGROUPSKEY is deprecated! Use the ActivityAccessModifier authorization element to toggle Admin permissions --- The access modifier also supports the parameter ADMINGROUPSKEY which works in the same way except that the value must be the key of a customer setting which holds a comma delimited string with user group uids.

--- READERGROUPS is deprecated! Use the ActivityAccessModifier authorization element to control permissions --- The access modifier supports the parameter READERGROUPS which can be used to specify a number of user groups who's members should have READ access to all activity instances. The value of READERGROUPS must be a comma delimited string with user group uids. --- READERGROUPSKEY is deprecated! Use the ActivityAccessModifier authorization element to toggle Read permissions --- The access modifier also supports the parameter READERGROUPSKEY which works in the same way except that the value must be the key of a customer setting which holds a comma delimited string with user group uids.

Public classCommonAccessModifierBase
Base class for access modifiers including DOT access modifiers and View access modifiers.
Public classCode exampleEmptyGroupsAccessModifier
The access modifier controls access to UserGroup data objects. Only user groups without any members are accessible. System groups are excluded. The access modifier overrides the security model.
SettingValue
AssemblyOmada.OE.AppLogic.AccessModifiers
ClassOmada.OE.AppLogic.AccessModifiers.EmptyGroupsAccessModifier

The access modifier is only to be used in views as it has no access calculation logic (only load-option modification!).

Examples
[Example Configuration]
Public classCode exampleFullReadAccessModifier
The FullReadAccessModifier overrides all security for a named data object or view so that everyone can have read access to that data object or view
Public classKeyPerformanceIndicatorAccessModifier
The KeyPerformanceIndicatorAccessModifier is based on ReferredGroupMembershipAccessModifier which grants view access to all data objects that refers a user group (in a specified reference property) that the active user is member of. Additionally it checks the value of EnableAnalysisServices customer setting. If it is false, we filter out KPIs which depend on Sql Server Analysis Services.
Public classProcessAccessModifier

The access modifier gives read access to process instance data objects which the active user has either created or has a work item for. The access modifier doesn't affect access to process template data objects.

--- ADMINGROUPS is deprecated! Use the ProcessAccessModifier authorization element to control permissions --- The access modifier supports the parameter ADMINGROUPS which can be used to specify a number of user groups who's members should have READ+UPDATE access to all process instances. The value of ADMINGROUPS must be a comma delimited string with user group uids. If ADMINGROUPS is not specified then the value defaults to the built-in Administrators group. If ADMINGROUPS is specified then the built-in Administrators group must be included in order to have READ+UPDATE access. --- ADMINGROUPSKEY is deprecated! Use the ProcessAccessModifier authorization element to toggle Admin permissions --- The access modifier also supports the parameter ADMINGROUPSKEY which works in the same way except that the value must be the key of a customer setting which holds a comma delimited string with user group uids.

--- READERGROUPS is deprecated! Use the ProcessAccessModifier authorization element to control permissions --- The access modifier supports the parameter READERGROUPS which can be used to specify a number of user groups who's members should have READ access to all process instances. The value of READERGROUPS must be a comma delimited string with user group uids. --- READERGROUPSKEY is deprecated! Use the ProcessAccessModifier authorization element to toggle Read permissions --- The access modifier also supports the parameter READERGROUPSKEY which works in the same way except that the value must be the key of a customer setting which holds a comma delimited string with user group uids.

Public classProcessTargetAccessModifier

The access modifier gives read and update access to target instance data objects which the active user has either created or has a work item for. The access modifier doesn't affect access to template target data objects.

--- ADMINGROUPS is deprecated! Use the ProcessTargetAccessModifier authorization element to control permissions --- The access modifier supports the parameter ADMINGROUPS which can be used to specify a number of user groups who's members should have READ+UPDATE access to all target instance data objects. The value of ADMINGROUPS must be a comma delimited string with user group uids. If ADMINGROUPS is not specified then the value defaults to the built-in Administrators group. If ADMINGROUPS is specified then the built-in Administrators group must be included in order to have READ+UPDATE access. --- ADMINGROUPSKEY is deprecated! Use the ProcessTargetAccessModifier authorization element to toggle Admin permissions --- The access modifier also supports the parameter ADMINGROUPSKEY which works in the same way except that the value must be the key of a customer setting which holds a comma delimited string with user group uids.

--- READERGROUPS is deprecated! Use the ProcessTargetAccessModifier authorization element to control permissions --- The access modifier supports the parameter READERGROUPS which can be used to specify a number of user groups who's members should have READ access to all target instance data objects. The value of READERGROUPS must be a comma delimited string with user group uids. --- READERGROUPSKEY is deprecated! Use the ProcessTargetAccessModifier authorization element to toggle Read permissions --- The access modifier also supports the parameter READERGROUPSKEY which works in the same way except that the value must be the key of a customer setting which holds a comma delimited string with user group uids.

The access modifier supports the parameter ADMINSPROPERTY which can be used to specify the system name of a reference property (present on the target data objects) for referencing users (and groups). The users in this property will have READ+UPDATE access to the target data objects they are stated on.

The access modifier supports the boolean parameter DisallowAuthRoleAccess. If true, the Process Target access modifier authrole elements for any authorization role will be ignored when calculating security permissions

Public classRealGroupsAccessModifier

The access modifier controls access to UserGroup data objects. The access modifier can only be used in a view (not for a data object type). Only "real" user groups are allowed - the following groups are filtered away: * personal groups * dummy groups * generic groups

The access modifier supports the parameter OverrideSecurity (True/False) which controls whether the security model will be overridden.

Public classCode exampleReferencePathAccessModifier
ReferencePath Access Modifier
SettingValue
AssemblyOmada.OE.AppLogic
ClassOmada.OE.AppLogic.AccessModifiers.ReferencePathAccessModifier
ParameterDescription
CONFIGUIDCode Method Configuration containing a list of ReferencePath strings separated by newline.
OVERRIDESECURITYIf set to TRUE or 1 the AccessModifier will override the DataObject security model.

Examples
\MANAGER \NEWMANAGER will show the identities managed by the active user as defined in the MANAGER and NEWMANAGER field on the identity.
Public classReferredGroupMembershipAccessModifier
The ReferredGroupMembershipAccessModifier grants view access to all data objects that refers a user group (in a specified reference property) that the active user is member of. Use the Access modifier parameter "GROUPPROPERTY", where the value is the system name of a reference property for a user group.
Public classRegularObjectsAccessModifier
The RegularObjectsAccessModifier displays all data objects except Users, UserGroups, Processes and Activities. Security is respected.
Public classCode exampleSqlAccessModifier

The SqlAccessModifier can be used to apply SQL filtering in views or other data object queries.

It should only be used of no other available filters can be used.

The SQL filter string is stored in an CodeMethod configuration object.

The filter string is added after an AND statement like this: "AND ([filter string])".

ParameterDescription
CONFIGUIDCode Method Configuration containing a SQL filter string.
Examples
Example of configuration: CONFIGUID=a935eac0-6e8d-4d0c-b4d7-92bba25fc653 Example of content in CodeMethod Configuration item: not exists (select 1 from sometable as st where st.doid = do.id)
Public classViewAccessModifierBase
Base class for access modifiers that are only to be usead in views as they have no access calculation logic (only load-option modification!).