View Source

In SimpleOne, access to content items and categories is controlled by the system administrators. They can create user criteria records and define access conditions to any objects based on criteria specified.

Create user criteria

Role required: admin, security_admin (for create, read, update and delete operations, also known as CRUD).

Users with non-administrative roles can only view user criteria created earlier.

To create a user criteria record, complete the steps below:

Navigate to User Administration → User Criteria.
Click New and fill in the fields.
Click Save or Save and exit to apply the changes.

User criteria form fields

Field

Mandatory

Description

Name

N

Specify the record name.

Roles

N

Specify roles users should match.

Groups

N

Specify groups users should match.

Users

N

Specify user records to match.

Advanced conditions

N

Select this checkbox to specify a more precise condition. When selected, the Conditions field appears.

Conditions

N

Specify a more precise condition for your criteria using the condition builder. Empty condition always returns true.

This field appears when the Advanced conditions checkbox is selected.

Specified conditions are applied to users from the Employee table. For users from the User table and other tables extended from it, or from the Employee table, specified conditions return false.

Match all roles

N

Select this checkbox if the user must have all roles specified in the Roles field to meet the criteria.

Match all groups

N

Select this checkbox if the user must be a member of all the groups specified in the Groups field to meet the criteria.

Active

N

Select this checkbox to activate the user criteria.

Companies

N

Specify the company the user should match. Leave this field empty if users from all companies are allowed.

Locations

N

Specify the location the user should match. Leave this field empty if users from all locations are allowed.

Departments

N

Specify the divisions the user should match. Leave this field empty if users from all divisions are allowed.

Match all

N

Select this checkbox if all conditions in this record must be met to provide access. If the checkbox is clear, users must meet one of the criteria to gain access.

As an example, consider the following user criteria record with the conditions:

Location P or Q
Company X or Y.

If the Match all checkbox is selected, access is permitted only to the users with these locations and companies. An employee from company X and location Q can access objects, as well as an employee from company Y and location P.

If the Match all checkbox is clear, a user must meet at least one of these conditions. An employee with a location Q as well as an employee with company X can access objects.

API usage

The SimpleUserCriteria server-side API class allows you to perform your tasks when you work with the user criteria functionality.

Use case

You need to restrict access to the service catalog so that only certain users can access and manage it: users of the Content managers group from Moscow, Russia. To do so, create a user criteria record and set the conditions.

Navigate to User Administration → User Criteria.
Click New and fill in the fields.
Field Value
Name User Criteria for Service Catalog
Groups Content managers
Location Moscow, Russia
Navigate to System Security → Access Control (ACL).
1. In the Table field, select Service Catalog.

Use the method of the SimpleUserCriteria() class – userAcceptanceByCriteria(user, criteria).

const uc = new SimpleUserCriteria();
ss.info(uc.userAcceptanceByCriteria(ss.getUserID(), '158617888715304763'));
// Info: true

Field	Value
Name	User Criteria for Service Catalog
Groups	Content managers
Location	Moscow, Russia