Case Level Permissions: Difference between revisions
No edit summary |
|||
Line 28: | Line 28: | ||
=== Usecase for case permissions === | === Usecase for case permissions === | ||
Example: QPR ProcessAnalyzer model contains the following cases: | Example: There are groups G1, G2 and G3. Case permissions have been set as follows: | ||
* group G1 can only see cases where (case attribute) Region is Dallas | |||
* group G2 can only see cases where Region is Austin | |||
* group G3 can only see cases where Region is either Austin or New York | |||
QPR ProcessAnalyzer model contains the following cases: | |||
{| class="wikitable" | {| class="wikitable" | ||
! Case name | ! Case name | ||
Line 59: | Line 64: | ||
|} | |} | ||
Thus, when viewing analyses, the user sees that the model contains the following cases: | |||
* If user only belongs to group G1, user can see cases A and B (2 cases) | |||
* If user only belongs to group G2, user can see case C (1 case) | |||
* If user only belongs to group G3, user can see cases C, D, E and F (4 cases) | |||
Thus, when viewing analyses | |||
* If user only belongs to group G1, user can see cases A and B | |||
* If user only belongs to group G2, user can see case C | |||
* If user only belongs to group G3, user can see cases C, D, E and F | |||
=== Examples for Defining Case Permissions === | === Examples for Defining Case Permissions === |
Revision as of 19:49, 15 March 2018
Each QPR ProcessAnalyzer model has model JSON settings. These JSON settings contain configurations and settings related to the model. The model needs to be reloaded into memory for the changed settings to take effect. See how to change model JSON settings.
The below defined settings are available.
Case Permissions
Section | Description | ||||||||
---|---|---|---|---|---|---|---|---|---|
Permissions | This section specifies data security restrictions for objects within the QPR ProcessAnalyzer model (i.e. limit visibility). If the Permissions section hasn't been defined, all the model data is visible to all users having GenericRead permission for the project in which the model resides (more information about roles and permissions). Permissions defined in this section, are only available when using the In-Memory core.
|
Usecase for case permissions
Example: There are groups G1, G2 and G3. Case permissions have been set as follows:
- group G1 can only see cases where (case attribute) Region is Dallas
- group G2 can only see cases where Region is Austin
- group G3 can only see cases where Region is either Austin or New York
QPR ProcessAnalyzer model contains the following cases:
Case name | Region (case attribute) | Groups can see |
---|---|---|
A | Dallas | G1 |
B | Dallas | G1 |
C | Austin | G2, G3 |
D | New York | G3 |
E | New York | G3 |
F | New York | G3 |
Thus, when viewing analyses, the user sees that the model contains the following cases:
- If user only belongs to group G1, user can see cases A and B (2 cases)
- If user only belongs to group G2, user can see case C (1 case)
- If user only belongs to group G3, user can see cases C, D, E and F (4 cases)
Examples for Defining Case Permissions
In this example, visibility of cases is limited in a way that only those users can see the cases belonging to a user group which name is same as the Region (case attribute).
{ "Permissions": { "Initialization": "Let(\"groupNames\", OrderByValue(CurrentUser.GroupNames))", "Case": "Region.In(groupNames)", "EventLogKey": "StringJoin(\"_\", groupNames)" } }
In this example, cases are only visible for users whose user name is same as the Account Manager (case attribute).
{ "Permissions": { "Initialization": "Let(\"userName\", CurrentUser.Name)", "Case": "(Attribute(\"Account Manager\") == userName)", "EventLogKey": "CurrentUser.Id" } }
In this example, cases having "Region" case attribute of "Dallas" will only be visible for users belonging to user group "GroupA" (and "New York" for group "GroupB").
{ "Permissions": { "Initialization": "Let(\"groupNames\", CurrentUser.GroupNames)", "Case": "(Region == \"Dallas\" && \"GroupA\".In(groupNames)) || (Region == \"New York\" && \"GroupB\".In(groupNames))", "EventLogKey": "If(\"GroupA\".In(groupNames), \"_A\", \"_\") + If(\"GroupB\".In(groupNames), \"_B\", \"_\")" } }