
It's All About the Platform.

Interrogating Security Job Roles Via Groovy Scripting

Richard Bingham
Senior Development Manager

As shown in the screenshot below, for your Custom Objects you can define the access your Job Roles have to them and their records. This is done under either the "Role Security" common setup node in Application Composer, or under the Security node inside each custom object. In both cases you define the policies for each seeded Job Role to control what it can do to each custom object, as explained here.

The last two columns in the page are related to record access, known as Data Security (can I view/update/delete just records I created or those created by others too). For Standard Objects all this is already set up in APM and may be customized using predicates.

Sometimes, however, the built-in security on the object is not enough, especially where you are extending the functionality and adding new features that you'd like to secure. To do this you can programmatically access the list of Job Roles assigned to a Sales Cloud user (known as a Resource) and use it in the control statements of your script.

In the following illustrative example, when the button is pressed to launch our custom logic, the script first instantiates a Resource View Object instance for the current user (querying by PartyId), then accesses the Roles attribute (the red line) and checks it against a predefined list. Of course, where we have printed output you could then call your main Object or Global Function.

When pressed it results in the following printed output, which shows my user has one of the roles and could be trusted to run whatever ABC process might be, such as getting or sending data via an integration to an external system.

Here is the related script: 

// Build a view object on Resource and filter it to the current user's PartyId.
def vo = newView('Resource')
def vc = vo.createViewCriteria()
def vcr = vc.createRow()
def vci1 = vcr.ensureCriteriaItem('PartyId')
vci1.setOperator('=')
vci1.setValue(adf.util.getUserPartyId())
// Note you could just use the USERNAME attribute of the
// Resource object also in your query.
vc.insertRow(vcr)
vo.appendViewCriteria(vc)
vo.executeQuery()
if (vo.hasNext()) {
  def r = vo.next()
  // Roles attribute of the current user's Resource row, as a string
  def x = r?.Roles.toString()
  println(adf.context.getSecurityContext()?.getUserProfile()?.getUserID() +
    " roles are :" + x)
  if (x == 'Operation Executive' || x == 'Operation Supervisor' ||
      x == 'Sales Administrator') {
    println("You are Authorized")
  } else {
    println("Not Authorized")
  }
}
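
The script above compares the whole Roles value to one role name at a time, so it only matches when the attribute holds exactly that name. The following added example (not part of the original post) is a fail-closed allow-list check in plain Groovy; the helper name hasAnyRole and the comma separator are assumptions, since the post does not show the format of the Roles value for a user with several roles.

```groovy
// Added example: plain Groovy, uses no Application Composer API.
// ASSUMPTION: a Roles value may list several role names separated by commas.

// Hypothetical helper. Returns true only when at least one role held by the
// user is in the allow-list; a missing or empty value is always denied.
boolean hasAnyRole(Object rolesValue, Collection<String> allowed) {
    if (rolesValue == null) {
        return false                 // fail closed: no Resource row or no Roles value
    }
    def wanted = allowed.collect { it.trim() } as Set
    def held = rolesValue.toString()
            .split(',')
            .collect { it.trim() }   // tolerate spaces around the separator
            .findAll { it }          // drop empty fragments
    // Exact, case-sensitive match so a similar-looking name never passes.
    return held.any { wanted.contains(it) }
}

// Role names taken from the script above.
def allowed = ['Operation Executive', 'Operation Supervisor', 'Sales Administrator']

// Constructed sample values, not output from a real environment.
assert hasAnyRole('Sales Administrator', allowed)
assert hasAnyRole('Sales Representative, Operation Supervisor', allowed)
assert !hasAnyRole('Sales Representative', allowed)
assert !hasAnyRole('sales administrator', allowed)   // case differs: denied
assert !hasAnyRole('', allowed)
assert !hasAnyRole(null, allowed)
// r?.Roles.toString() in the script above yields the text "null" when the
// value is missing; that string is not an allowed role, so it is denied too.
assert !hasAnyRole('null', allowed)
println('all checks passed')
```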

In addition, the following script extract does a simple security check. Here we have already created a resourceView VO object on the Resource in the same way as above, and we get the Roles attribute data and check it along with the value of a custom field. Note that after throwing a ValidationException your script will end automatically, so no further control code is required.

// resourceView is the Resource view object, built and queried as in the script above.
def userRoles = resourceView.next().getAttribute('Roles')
if (userRoles == 'MyCustomRoleAdmin' && MyCustStatusField_c == 'N') {
  def msg = "Not appropriate action. Please contact the Administrator."
  throw new oracle.jbo.ValidationException(msg)
}

 
