You are viewing an old version of this page. View the current version.
Compare with Current View Page History
« Previous Version 7 Next »
In SimpleOne, access to content items and categories is controlled by the system administrators. They can create user criteria records and define access conditions to any objects based on criteria specified.
Create user criteria
Role required: admin, security_admin (for сreate-read-update-delete operations, also known as CRUD).
Users with non-administrative roles can only view user criteria created earlier.
To create a user criteria record, complete the steps below:
- Navigate to User Administration → User Criteria.
- Click New and fill in the fields.
- Click Save or Save and Exit to apply the changes.
User criteria form fields
| Field | Mandatory | Description |
|---|---|---|
| Name | N | Specify the record name. |
| Roles | N | Specify roles users should match. |
| Groups | N | Specify groups users should match. |
| Users | N | Specify user records to match. |
| Advanced conditions | N | Select this checkbox to specify a more precise condition. When selected, the Conditions field appears. |
| Conditions | N | Specify a more precise condition for your criteria using the condition builder. Empty condition always returns true. This field appears when the Advanced conditions checkbox is selected. Specified conditions are applied to users from the Employee table. For users from the User table and other tables extended from it, or from the Employee table, specified conditions return false. |
| Match all roles | N | Select this checkbox if the user must have all roles specified in the Roles field to meet the criteria. |
| Match all groups | N | Select this checkbox if the user must be a member of all the groups specified in the Groups field to meet the criteria. |
| Active | N | Select this checkbox to activate the user criteria. |
| Companies | N | Specify the company the user should match. Leave this field empty if users from all companies are allowed. |
| Locations | N | Specify the location the user should match. Leave this field empty if users from all locations are allowed. |
| Departments | N | Specify the divisions the user should match. Leave this field empty if users from all divisions are allowed. |
| Match all | N | Select this checkbox if all conditions in this record must be met to provide access. If the checkbox is clear, users must meet one of the criteria to gain access. As an example, consider the following user criteria record with the conditions:
If the Match all checkbox is selected, access is permitted only to the users with these locations and companies. An employee from company X and location Q can access objects, as well as an employee from company Y and location P. If the Match all checkbox is clear, a user must meet at least one of these conditions. An employee with a location Q as well as an employee with company X can access objects. |
Use case
You need to restrict the access to the Service Catalog so that only certain users could access and manage it: users with the content_manager role from Moscow, Russia. To do this, create a user criteria record and specify the conditions, then add the user criteria to the ACLs:
- Navigate to User Administration → User Criteria.
Click New and fill in the fields:
Field
Value
Name Service Catalog User Criteria Roles content_manager Location Moscow, Russia - Navigate to Security → ACLs and click New.
- In the Table field, select the Service Catalog table.
Complete the script as follows with the SimpleUserCriteria() method – userAcceptanceByCriteria(user, criteria)
userAcceptanceByCriteriaconst uc = new SimpleUserCriteria(); ss.info(uc.userAcceptanceByCriteria(ss.getUserID(), '158617888715304763')); // Info: true
API Usage
The SimpleUserCriteria server-side API class allows you to perform your tasks when you work with the user criteria functionality.
- No labels
