In SimpleOne, access to content items and categories are controlled by the system administrators. They can create user criteria records and define access conditions for any objects based on criteria specified.
Creating a user criteria record
Role required: admin, security_admin (full management: create-read-update-delete, also known as CRUD).
Users with non-admin roles can only view user criteria created earlier.
To create a user criteria record, please complete the steps below:
- Navigate to User Administration → User Criteria.
- Click New and fill in the fields.
- Click Save or Save and Exit to apply the changes.
User criteria form fields
| Field | Mandatory | Description |
|---|---|---|
| Name | N | Specify the record name. |
| Roles | N | Specify the role to match. |
| Groups | N | Specify the group to match. |
| Users | N | Specify the user record to match. |
| Advanced conditions | N | Select this checkbox to specify a more precise condition to evaluate. When selected, the Conditions field appears. |
| Conditions | N | Specify a more precise condition for your criteria using the Condition Builder. Empty condition always returns 'true'. This field appears when the Advanced conditions checkbox is selected. Specified conditions are applied to users from the Employee table. For users from the User table and other tables extended from it or from the Employee table, specified conditions return 'false'. |
| Match all roles | N | Select this checkbox if the user must have all roles specified in the Roles field to meet the criteria. |
| Match all groups | N | Select this checkbox if the user must be a member of all the groups specified in the Groups field to meet the criteria. |
| Active | N | Select this checkbox to activate or deactivate the user criteria record. |
| Companies | N | Specify the employee's company to match. Leave this field blank if users from all companies are allowed. |
| Locations | N | Specify the employee's location to match. Leave this field blank if users from all locations are allowed. |
| Divisions | N | Specify the employee's divisions to match. Leave this field blank if users from all divisions are allowed. |
| Match all | N | Select this checkbox if all conditions in this record must be met to provide access. If unselected, the user must meet one of the criteria to gain access. As an example, we take a user criteria record with the following conditions:
If the Match all checkbox is selected, access is permitted only to users with these locations and companies. That is, an employee from company X and location Q can access the item as well as an employee from company Y and location P. If the Match all checkbox is cleared, a user must meet at least one of these conditions. That is, an employee with a location Q as well as an employee with company X. |
API Usage
When working with the user criteria functionality, the SimpleUserCriteria server-side API class enables you to perform your tasks.
Use case
You need to restrict the access to the Service Catalog so that only certain users could access and manage it: users with the content_manager role from Moscow, Russia. To do so, create a user criteria record and specify the conditions, then you need to add the user criteria to the ACLs:
- Navigate to User Administration → User Criteria.
Click New and fill in the fields:
Field Value Name Service Catalog User Criteria Roles content_manager Location Moscow, Russia - Navigate to ACLs and click New. In the new page, in the Table field, select “Service Catalog”.
Complete the script as follows with the SimpleUserCriteria() methods.
userAcceptanceByCriteriaconst uc = new SimpleUserCriteria(); ss.info(uc.userAcceptanceByCriteria(ss.getUserID(), '158617888715304763')); // Info: true
- No labels
