How to set a Tempo Report Security done on a Data Store?

Hello to everyone,

I have a question regarding how to set a Tempo Report Security done on a Data Store and not on an active process:

If I create a report on an active process i can drive the security as i wish using the node "Modify Process Security", so for example i can make a specific istance visible by one ore more users, but not by others.

There is a similar way to do so on a Report made starting from a Data store? and what about a Record done departing from the same Data store? In Other words there are some sail functions that help me to set a more specific security?

Thanks

OriginalPostID-203859

OriginalPostID-203859

  Discussion posts and replies are publicly visible

Parents
  • To the best of my knowledge and as per my analysis, the approaches put forward in the last two comments may not work as intended. As per the problem statement, I could see that one to one isn't possible with supervisor role. Because a supervisor is indirectly derived from a country and in-fact, a country can have more than one supervisor. And country(or countries) is dependent on requestor and I believe there can be more than one country depending on the requestor (requestor name – 1+ country, as said by author of the post). In this case I don't think it is possible to create a view where a request can also hold the country(ies) (one-many between requestor and country), and supervisor(s) (one-many between country and supervisor). We can include the details in the view by using functions namely GROUP_CONCAT etc, but such a view won't be helpful while applying filters against each record.

    @marcoc Hi, I would like to put forward two ways here, where once can be used in filtering the Records in the Record Type and other in obtaining the data from Requests Entity where you may use in a Report.

    >> Record Type:

    You need to derive the identifiers based on the user's role and these identifiers should be applied as filter on the Record Type. Create a rule that derives record identifiers based on the username as follows:

    Name: getRequestIdsFromUserName

    Inputs:
    1. userName

    if(
              ri!userName is requestor,
              {<get the array of request_id from request entity where ri!userName is requestor>}
              if(
                        ri!userName is manager,
                        {<get the array of request_id from request entity where ri!userName is manager>},
                        if(
                                  ri!userName is supervisor,
                                  with(
                                            local!countryIds: <get the array of country_id of which ri!userName is supervisor>,
                                            {<get the array of request_id (identifier of Requests) whose corresponding country_id(or array of country_id) is found in local!countryIds>}
                                  )
                                  {}
                        )
              )
    )

    Finally the above rule should be used in Default Filters as follows: "request_id" "in" rule!getRequestIdsFromUserName(userName:fn!loggedInUser())

    A problem with this approach is that the queries can be costlier in case of supervisor and it hampers performance in case when huge datasets are to be returned. An alternative is that you can turn the Entity Backed Records into Service Backed where you will observe performance and flexibility (downside is that, configuration of Service Backed Records consumes more time) and you can see some threads in the forum that talk about these cases.

    >> Query Requests datastore entity and get data that needs to displayed in an area other than Record

    filter: if(
                                  loggedInUser is requestor,
                                  a!queryFilter(
                                            field: <field_name of requestor>,
                                            operator: "=",
                                            value: loggedInUser()
                                  ),
                                  if(
                                            loggedInUser is manager,
                                            a!queryFilter(
                                             field: <field_name of manager>,
                                             operator: "=",
                                             value: loggedInUser()
                                            ),
                                            if(
                                                      loggedInUser is supervisor,
                                                      with(
                                                                local!countryIds: <get the array of country_id of which ri!userName is supervisor>,
                                                                local!requestIds:{<get the array of request_id whose corresponding country_id(or array of country_id) are found in local!countryIds>},
                                                                if(
                                                                          local!requestIds is null,
                                                                          null,
                                                                          a!queryFilter(
                                                                           field: <field_name of identifier(primary key) of request>,
                                                                           operator: "in",
                                                                           value: local!requestIds
                                                                          )
                                                                )
                                                      ),
                                                      null
                                            )
                                  )
                        )

    The above filter has to be applied while querying Requests datastore entity and we need to bear in mind that batchSize should be effectively used when query is made with supervisor as context.

    Let's see if we could see any better approaches in subsequent comments.
Reply
  • To the best of my knowledge and as per my analysis, the approaches put forward in the last two comments may not work as intended. As per the problem statement, I could see that one to one isn't possible with supervisor role. Because a supervisor is indirectly derived from a country and in-fact, a country can have more than one supervisor. And country(or countries) is dependent on requestor and I believe there can be more than one country depending on the requestor (requestor name – 1+ country, as said by author of the post). In this case I don't think it is possible to create a view where a request can also hold the country(ies) (one-many between requestor and country), and supervisor(s) (one-many between country and supervisor). We can include the details in the view by using functions namely GROUP_CONCAT etc, but such a view won't be helpful while applying filters against each record.

    @marcoc Hi, I would like to put forward two ways here, where once can be used in filtering the Records in the Record Type and other in obtaining the data from Requests Entity where you may use in a Report.

    >> Record Type:

    You need to derive the identifiers based on the user's role and these identifiers should be applied as filter on the Record Type. Create a rule that derives record identifiers based on the username as follows:

    Name: getRequestIdsFromUserName

    Inputs:
    1. userName

    if(
              ri!userName is requestor,
              {<get the array of request_id from request entity where ri!userName is requestor>}
              if(
                        ri!userName is manager,
                        {<get the array of request_id from request entity where ri!userName is manager>},
                        if(
                                  ri!userName is supervisor,
                                  with(
                                            local!countryIds: <get the array of country_id of which ri!userName is supervisor>,
                                            {<get the array of request_id (identifier of Requests) whose corresponding country_id(or array of country_id) is found in local!countryIds>}
                                  )
                                  {}
                        )
              )
    )

    Finally the above rule should be used in Default Filters as follows: "request_id" "in" rule!getRequestIdsFromUserName(userName:fn!loggedInUser())

    A problem with this approach is that the queries can be costlier in case of supervisor and it hampers performance in case when huge datasets are to be returned. An alternative is that you can turn the Entity Backed Records into Service Backed where you will observe performance and flexibility (downside is that, configuration of Service Backed Records consumes more time) and you can see some threads in the forum that talk about these cases.

    >> Query Requests datastore entity and get data that needs to displayed in an area other than Record

    filter: if(
                                  loggedInUser is requestor,
                                  a!queryFilter(
                                            field: <field_name of requestor>,
                                            operator: "=",
                                            value: loggedInUser()
                                  ),
                                  if(
                                            loggedInUser is manager,
                                            a!queryFilter(
                                             field: <field_name of manager>,
                                             operator: "=",
                                             value: loggedInUser()
                                            ),
                                            if(
                                                      loggedInUser is supervisor,
                                                      with(
                                                                local!countryIds: <get the array of country_id of which ri!userName is supervisor>,
                                                                local!requestIds:{<get the array of request_id whose corresponding country_id(or array of country_id) are found in local!countryIds>},
                                                                if(
                                                                          local!requestIds is null,
                                                                          null,
                                                                          a!queryFilter(
                                                                           field: <field_name of identifier(primary key) of request>,
                                                                           operator: "in",
                                                                           value: local!requestIds
                                                                          )
                                                                )
                                                      ),
                                                      null
                                            )
                                  )
                        )

    The above filter has to be applied while querying Requests datastore entity and we need to bear in mind that batchSize should be effectively used when query is made with supervisor as context.

    Let's see if we could see any better approaches in subsequent comments.
Children
No Data