<< Click to Display Table of Contents >>
Navigation: Bizagi Studio > Security definition > Case Security > Manage privileges through expressions >
Grant case access
Expression to add a the boss of the creator user
In a Purchase Request Process the information needs to be restricted so that only the creator and the supervisor can access the information. According to what was explained above, all users who are assigned during the case have access.
The user creator, by definition, will automatically be added to the list of privileged users. However, the user’s supervisor must be added through an expression, so the supervisor can have access to the case from the beginning. To achieve this, you must set the process to have Private case security. Then add an expression to include the user's supervisor as a privileged user.
1. From the Expert View access the Process properties by right-clicking the current version.
2. Select Private at the case security to restrict the access to the cases information for all users except those regarded as privileged users. Then click OK.
3. In step four of the Process Wizard, go to Activity Actions to create an expression. Select the action to be On enter. The rule should add the creator's supervisor to the list of privileged users.
//Obtain the direct supervisor
//Grant Access to the supervisor
Now let us test if the expression works. Suppose we have three users:
•CreatorUser: It is the user who created the case.
•Boss: The supervisor of the CreatorUser.
•RestrictedUser: The user that must be disallowed access.
Login with the CreatorUser and create a new Purchase Request case.
The CreatorUser is automatically included as a privileged user and so they can consult the cases at any time. Enter the case number in the search field. For this example it will be 1905.
If you click Case Number you see the case information.
Similarly the Boss user, who previously was granted access as the Creator's supervisor, has access rights.
If you logged in as a RestrictedUSer user, you are not able to access the case. It would appear as if the case didn't exist.
Expression to add a Privileged user
In a Purchase Request Process we need to restrict the information to only allow privileged users to access the case (creator and assignees). Additionally we wish to include the Commercial Vice President, who has no assignment in such cases, as a privileged user. Therefore the user must be added using an expression. To do this, we store the Commercial Vice President position in a parametric table to easily access and administer the user's ID when call for. This parameter table is associated with the Purchase Request Process.
In step four of the Process Wizard, select the Activity Actions to create an expression On Enter of the Activity.
The expression adds the Vice President to the list of privileged users. The Vice president's ID is located in the parametric table previously created and assigned to a variable. This variable, in turn, is passed to the function call that grants the access.
//Obtain VicePresident User
var parameters = new FilterParameters();
ViceId=CHelper.getEntityAttrib("Userwithaccess","Usertograntaccess","Code = @Code",parameters);
//Grant access to VicePresident
Expression to add multiple privileged users
In a Purchase Request Process we need to restrict the information to only allow privileged users to access the case (creator and assignees). Additionally we wish to include the Commercial Vice President and the President, who both has no assignment in such case, as privileged users. Therefore the users must be added using an expression. To do this, we store both users, Commercial Vice President and President, in a parametric table to easily access and administer the user's ID when call for. This parameter table is associated with the Purchase Request Process.
In step four of the Process Wizard, select Activity Actions to create an expression On Enter of the activity.
The following expression adds all users found in the parametric table, that is the President and Vice President. The user ID of each record found in the parametric table is stored in an array. This array is passed to the function call to add the privileged users.
//Obtain list of all users in the 'Users with access' table
UserstoAdd = Me.getXPath("entity-list('Userswithaccess', '')");
//Go through the list
for (Counter=0; UserstoAdd.size()>Counter;Counter++)
//Validate there are no duplicities
//Grant Access to users