Case Level Permissions: Difference between revisions

From QPR ProcessAnalyzer Wiki
Jump to navigation Jump to search
No edit summary
No edit summary
Line 1: Line 1:
There is model JSON settings for each QPR ProcessAnalyzer model. The JSON settings contain configurations and settings related to the model. The model needs to be reloaded for the changed settings to take effect.
Each QPR ProcessAnalyzer model has '''model JSON settings'''. These JSON settings contain configurations and settings related to the model. The model needs to be reloaded into memory for the changed settings to take effect.


The below defined settings are available.
The below defined settings are available.


{| class="wikitable"
{| class="wikitable"
! Property
! Section
! Description
! Description
|-
|-
|Permissions
|Permissions
|Permissions section specifies data security based visibility restrictions for objects within the QPR ProcessAnalyzer model. The feature is available in [[Installing QPR ProcessAnalyzer Server#Configure_Web_Service_to_use_In-Memory_or_In-Database_processing|In-Memory core]]. If these settings have not been set, all the model data within is visible to all the users having '''GenericRead''' permission for the project in which the model resides. It is possible to configure additional case level permissions by using these settings.
|Permissions section specifies data security restrictions (limit visibility) for objects within the QPR ProcessAnalyzer model. If these settings have not been used, all the model data is visible to all users having '''GenericRead''' permission for the project in which the model resides. It is possible to configure additional case level permissions by using these settings. The feature is only available in [[Installing QPR ProcessAnalyzer Server#Configure_Web_Service_to_use_In-Memory_or_In-Database_processing|In-Memory core]].


{| class="wikitable"
{| class="wikitable"
Line 15: Line 15:
|-
|-
|Initialization
|Initialization
|[[QPR_ProcessAnalyzer_Expressions|Expression language]] expression used to initialize calculation environment for all the other expressions within this same permissions context. This expression is evaluated within a generic context. This expression can be used to improve performance if there is an expression that doesn't need to be calculated for every Case separately but only once.
|[[QPR_ProcessAnalyzer_Expressions|Expression language]] expression used to make an initial calculation for all the other expressions within this same permissions context. This expression can be used to improve performance when part of the Case or EventLogKey expressions are common and thus they don't need to be calculated again for every Case separately. See the examples below of using the Initialization expression.
|-
|-
||Case
||Case
||[[QPR_ProcessAnalyzer_Expressions|Expression language]] expression evaluated within the context of every case one-by-one. If the evaluation results '''true''', then the case is visible for the user. Otherwise the case, its events and case and event attributes are not visible.
||[[QPR_ProcessAnalyzer_Expressions|Expression language]] expression determining which uses can see a case. The expression is evaluated within the context of each case. If the evaluation results '''true''', the case is visible for the user. Otherwise the case, its events and case and event attributes are not visible.
|-
|-
||EventLogKey
||EventLogKey
||[[QPR_ProcessAnalyzer_Expressions|Expression language]] expression used to uniquely identify all the unique event logs created by case permission filters. This expression is evaluated within a generic context.
||[[QPR_ProcessAnalyzer_Expressions|Expression language]] expression used to uniquely identify all the unique event logs created by case permission filters.
|}
|}
|}
|}


== Examples of Defining Case Security Settings ==
== Examples of Defining Case Permissions ==
Create a permission filter so that visibility of cases is limited in a way hat only users belonging to a user group whose name equals to Region case attribute value.
In this example, visibility of cases is limited in a way that only those users can see the cases belonging to a user group which name is same as the Region (case attribute).
<pre>
<pre>
{
{
Line 37: Line 37:
</pre>
</pre>


Create a permission filter so that every case is only visible for users whose user name equals to Account Manager case attribute value.
In this example, cases are only visible for users whose user name is same as the Account Manager (case attribute).
<pre>
<pre>
{
{

Revision as of 22:02, 6 February 2018

Each QPR ProcessAnalyzer model has model JSON settings. These JSON settings contain configurations and settings related to the model. The model needs to be reloaded into memory for the changed settings to take effect.

The below defined settings are available.

Section Description
Permissions Permissions section specifies data security restrictions (limit visibility) for objects within the QPR ProcessAnalyzer model. If these settings have not been used, all the model data is visible to all users having GenericRead permission for the project in which the model resides. It is possible to configure additional case level permissions by using these settings. The feature is only available in In-Memory core.
Property Description
Initialization Expression language expression used to make an initial calculation for all the other expressions within this same permissions context. This expression can be used to improve performance when part of the Case or EventLogKey expressions are common and thus they don't need to be calculated again for every Case separately. See the examples below of using the Initialization expression.
Case Expression language expression determining which uses can see a case. The expression is evaluated within the context of each case. If the evaluation results true, the case is visible for the user. Otherwise the case, its events and case and event attributes are not visible.
EventLogKey Expression language expression used to uniquely identify all the unique event logs created by case permission filters.

Examples of Defining Case Permissions

In this example, visibility of cases is limited in a way that only those users can see the cases belonging to a user group which name is same as the Region (case attribute).

{
  "Permissions": {
    "Initialization": "Let(\"groupNames\", OrderByValue(CurrentUser.GroupNames))", 
    "Case": "Region.In(groupNames)",
    "EventLogKey": "StringJoin(\"_\", groupNames)"
  }
}

In this example, cases are only visible for users whose user name is same as the Account Manager (case attribute).

{
  "Permissions": {
    "Initialization": "Let(\"userName\", CurrentUser.Name)", 
    "Case": "(Attribute(\"Account Manager\") == userName)",
    "EventLogKey": "CurrentUser.Id"
  }
}