Skip to Content
0
Oct 24, 2019 at 10:19 AM

How can I configure Usergroups as selectable BackofficeRoles correctly

89 Views Last edit Oct 24, 2019 at 10:32 AM 9 rev

The customer would like to be able to have users have different domain usergroups, eg
ContentManager
DistributionManager

here when entering Backoffice the employee would be able to select between these roles. This can be done by configuring BackoffficeRoles, so that I get this after the login screen:

This I can achieve via, eg:

INSERT_UPDATE usergroup; uid[unique = true]  ; name; groups(uid)                ;
                   ; Employee            ;     ; employeegroup,cockpitgroup ;
                   ; ContentManager      ;     ; employeegroup,cockpitgroup ;

INSERT_UPDATE BackofficeRole; UID[unique = true] ; locname[lang = de] ; backOfficeLoginDisabled; authorities ; groups(uid)
; testEmployeeRole       ; Test Employee Role       ; FALSE ; authEmployee       ; Employee
; testContentManagerRole ; Test ContentManager Role ; FALSE ; authContentManager ; ContentManager
; testDistributionManagerRole ; Test ContentManager Role ; FALSE ; authDistributionManager ; DistributionManager

INSERT_UPDATE Employee; uid[unique = true]; @password[translator = de.hybris.platform.impex.jalo.translators.UserPasswordTranslator]; name ; groups(uid) ; backOfficeLoginDisabled
; testEmp1 ; *:testEmp1; testEmp1 ; testEmployeeRole ; false
; testCm1 ; *:testCm1  ; testCm1  ; testEmployeeRole, testContentManagerRole, testDistributionManagerRole ; false

Pretty simple you’d think, so far so good.
But now comes the crux. I have different Backoffice visiblity rules, search restriction, and USERRIGHTS apply for Employee, ContentManager…

eg Employee’s only are readonly, and cannot modify anything but ContentManager can.
This is done via

$START_USERRIGHTS
Type ; UID ; MemberOfGroups ; Password ; Target; read ; change ; create ; delete ; change_perm
UserGroup ; Employee ;
     ;     ;                ;          ; Product; +   ; -      ; -      ; -      ; 
...
UserGroup ; ContentManager ;
     ;     ;                ;          ; Product; +   ; +      ; -      ; -      ; -
...

But using the above configuration, no matter what I choose during login (ContentManager or Employee) I only get a merged user rights view. In the above example even if I choose ‘Test ContentManager Role’, still everything is readonly
Only after I remove the choice between the 3 different roles to just:

INSERT_UPDATE Employee; uid[unique = true]; @password[translator = de.hybris.platform.impex.jalo.translators.UserPasswordTranslator]; name     ; groups(uid)                                                           ; backOfficeLoginDisabled
                  ; testCm1           ; *:testCm1                                                                               ; testCm1  ;  testContentManagerRole; false

then testCm1 finally will be able to work as ‘ContentManager’ by being able to edit attributes.

So has anybody an idea how to configure the BackofficeRoles and USERRIGHTS correctly, so selecting different roles in BO during login would actually also choose the correct USERRIGHTS ‘profile’?