The customer would like to be able to have users have different domain usergroups, eg
ContentManager
DistributionManager
here when entering Backoffice the employee would be able to select between these roles. This can be done by configuring BackoffficeRoles, so that I get this after the login screen:
This I can achieve via, eg:
INSERT_UPDATE usergroup; uid[unique = true] ; name; groups(uid) ; ; Employee ; ; employeegroup,cockpitgroup ; ; ContentManager ; ; employeegroup,cockpitgroup ; INSERT_UPDATE BackofficeRole; UID[unique = true] ; locname[lang = de] ; backOfficeLoginDisabled; authorities ; groups(uid) ; testEmployeeRole ; Test Employee Role ; FALSE ; authEmployee ; Employee ; testContentManagerRole ; Test ContentManager Role ; FALSE ; authContentManager ; ContentManager ; testDistributionManagerRole ; Test ContentManager Role ; FALSE ; authDistributionManager ; DistributionManager INSERT_UPDATE Employee; uid[unique = true]; @password[translator = de.hybris.platform.impex.jalo.translators.UserPasswordTranslator]; name ; groups(uid) ; backOfficeLoginDisabled ; testEmp1 ; *:testEmp1; testEmp1 ; testEmployeeRole ; false ; testCm1 ; *:testCm1 ; testCm1 ; testEmployeeRole, testContentManagerRole, testDistributionManagerRole ; false
Pretty simple you’d think, so far so good.
But now comes the crux. I have different Backoffice visiblity rules, search restriction, and USERRIGHTS apply for Employee, ContentManager…
eg Employee’s only are readonly, and cannot modify anything but ContentManager can.
This is done via
$START_USERRIGHTS Type ; UID ; MemberOfGroups ; Password ; Target; read ; change ; create ; delete ; change_perm UserGroup ; Employee ; ; ; ; ; Product; + ; - ; - ; - ; ... UserGroup ; ContentManager ; ; ; ; ; Product; + ; + ; - ; - ; - ...
But using the above configuration, no matter what I choose during login (ContentManager or Employee) I only get a merged user rights view. In the above example even if I choose ‘Test ContentManager Role’, still everything is readonly
Only after I remove the choice between the 3 different roles to just:
INSERT_UPDATE Employee; uid[unique = true]; @password[translator = de.hybris.platform.impex.jalo.translators.UserPasswordTranslator]; name ; groups(uid) ; backOfficeLoginDisabled ; testCm1 ; *:testCm1 ; testCm1 ; testContentManagerRole; false
then testCm1 finally will be able to work as ‘ContentManager’ by being able to edit attributes.
So has anybody an idea how to configure the BackofficeRoles and USERRIGHTS correctly, so selecting different roles in BO during login would actually also choose the correct USERRIGHTS ‘profile’?