Is it possible to have an user with multiple roles and choose to not apply entity access rules of one role to one page or list view?
0
Hello everyone, I have just started with Mendix development and was playing around in a project from XPath learning path. The thing is that I want to have one account with two roles: Employee and Manager, for user convenience. I have created a page, where employees can view their vacation requests in a list view. To make sure that they can see only their requests, I set XPath constraint for access to entity VacationRequest. [VacationManagement.VacationRequest_Submitter = '[%CurrentUser%]'] Then I created very similar page for managers where they can manage their assigned employees' requests. I have set manager's XPath constraint in entity access to see only requests where they are the approver and also all requests without an approver. [VacationManagement.VacationRequest_Approver = '[%CurrentUser%]' or not(VacationManagement.VacationRequest_Approver/Administration.Account)] Each role can access only its respective page but as expected, user with both roles can access both pages. The problem is that when this user opens the employee's page, both entity access rules are applied and a list view shows VacationRequests of both, the user and the user managed employees. This behavior can be fixed by custom microflow set as a data source for the list view, but this will inherently remove filter options (search button) from the list view. Which I then need to recreate, I guess. (It will ask me to generate controls for a microflow source, but then the search bar wont be retractable and the logic must be recreated, which is annoying.) So the questions sounds: "Is it advised to not use users with multiple roles or is it a common practice?" and "Is the only solution to this problem the custom microflow logic?" Images:
asked
Jakub Gaier
1 answers
0
Ansewr to your title-question: no, you can not.
Answer to your problem: on the User's page, add the Xpath-restriction to the datasource of the grid. This will make that grid only show the VacationRequests requested by the User. So the mindset for you: the currentuser having both roles can see the VacationRequests allowed by both Xpaths, so you have to add the limitation to the UI-element (datagrid, listview, template) instead.