User management access requirement question

I have a requirement like for the user management window depending on the Role of the user I need to give access to the users. There are 4 users with roles ( manager and operator, manager, operator and no role). So when the manager logs in he should able to edit all the users along with him. when operator logs in he should be able to change only his details and when user with no role logs in he should not be able to change anything in the user management. I have used hasrole(“operator”) in the Mode of the user management, it is allowing managers to edit and operators to change only theirs but when user has both roles and no roles the expression is not working. How to make this work.

The “Mode” when you look at it in the property editor is a drop down with three options(Manage User, Edit Current, and Edit single). If you only have hasRole(“operator”) then when it is in any role other than operator it will return a 0 which will allow all users to be managed by whoever is logged in. A simple single hasRole() function won’t work for what your describing. Also since it doesn’t have an option for no role not being allowed to change anything, you would need to handle that in a different way. For that one I would set it to “Edit Current” and turn off the “Enable” bit for the object. That way they can see theirs but can’t do anything with it. I would probably do something more like:

This would be in the expression binding for the “Mode”:

if(hasRole("manager"),0,1)

This would be in the expression binding for the “Enable”:

hasRole("operator")||hasRole("manager")

With this I’m also assuming the users with manager and operator are one user with two separate roles assigned to them. If it is an actual separate role that covers someone that has both accesses then this won’t work, you would have to add another condition into both spots to handle the extra role.

I did not find the Enable bit. Is it in the user management properties. And the user with two roles should be able to edit all the users.

Its like If user ( manager and operator) or ( manager) edit all users
if user ( operator) edit only his user details

For no role option I did not find where is the Enable bit that you were mentioning.

The enable bit is the second item in the property editor:
image

With it being a seperate role then it would be like this:

if(hasRole("manager")||hasRole("manager and operator"),0,1)

You would also add the extra or to the enable bit one too.

I did not have that option.image

Change the filter from basic to all.

image

1 Like