Skip to Content
0

Unable to view the UI task under self service Tab

Nov 22, 2017 at 03:58 PM

63

avatar image

Dear Experts,

Issue: An UI task should be visible to only certain users whose employment type is contractors and the task should be available under the Self service tab.

Steps I followed:

1. Created a dynamic group as below, which would be assigned to the users whose employement type is temp-contractor and visibility is maintained as ALL.

2. This dynamic group is assigned to users successfully and the query mentioned in the screenshot is returning users too.

3. later created an ui task as below and maintained as below under access control tab

As per this configuration, i expect this task to be visible under the selfservice tab in UI, but unable to see this task at all.

Please let me know if i have configured it correctly, if not let me know how to proceed further.

Thanks in Advance!

Regards,

Deva

emp.png (6.6 kB)
access.png (17.9 kB)
10 |10000 characters needed characters left characters exceeded

Hello Deva,

I can't concentrate on the question itself, when I see that you use "idmv_vallink_basic_active" for this sql statement. Please check out the following two views:

  • idmv_entry_simple
  • idmv_value_basic (also available with "_active")

With these two views the performance of your query will be sooo much better. ;)

.

The double brackets tell me, you probably used the SQL query builder to create this. Don't trust that thing, the queries it creates are aweful. :(

.

Regards,

Steffi.

0
* Please Login or Register to Answer, Follow or Comment.

1 Answer

Best Answer
Steffi Warnecke
Nov 22, 2017 at 04:21 PM
0

Hello Deva,

you wrote you can't see this task at all in the UI. The access control for the task is only for that business role and "self". Is the identity you try to open the task with added in the business role and can you open the task for your own identity under "Manage"?

.

Regards,

Steffi.

Show 4 Share
10 |10000 characters needed characters left characters exceeded

Hello Steffi,

Thanks for your response!!

Please find my answers below

Yes, I'm unable to see the task at all in UI not under manager or self service tab.

It is not business role, but Dynamic Group, as per my understanding if i maintain role/dynamic group, the users who are assigned with that role/dynamic group should be only be able to view the task. As i have selected ob behalf of relation value as self, i assume the task can be initiated only for this user alone but not for other users.

I have maintained Dynamic Group not business role. This dynamic group is assigned to the identity with which i am logging in.

Regards,

Deva

0

Hello Deva,

sorry for the confusion, I'm not using dynamic groups in task filters, but only business roles, that's why I was thinking yours was one, too. Never mind, I guess it should work with dynamic groups, too, if you can select them there. :)

Buuut your access control is: users from that dynamic group can only open that task for themselves. And there is no other access control on it.

So if you are not part of that dynamic group, you won't be able to access the task.

And if you are part of that dynamic group, but are trying to access the task not for yourself, that it can't work either.

.

So first step would be: change the access control to "Everybody" and delete the dynamic group from it, too. This way the task should be available for everybody. Then try to access it via the Manage tab.

When that works, change the access control to "On behalf of Self" and try again if you can access that task for yourself (should work) and for other identities (should not work anymore).

And if that works, add the dynamic group back and if then there are issues with the access, it's a problem with the dynamic group being used there.

Regards,

Steffi.

0

Hi Steffi,

I am part of that dynamic group, and i can see in idmv_link_ext view it is assigned to be under attribute as MXREF_MX_DYNAMICGROUP. Below is the query which i am using in the filter tab of dynamic group and the visibility of dynamic group is maintained as ALL

select distinct mcmskey from
idmv_entry_simple with (nolock) where mcmskey IN (SELECT mcmskey FROM
idmv_vallink_basic_active WHERE mcattrname='MX_FS_IDENTITY_TYPE' AND
upper(mcsearchvalue) = 'TEMP-CONTRACTOR')

Instead of dynamic group, if i maintain a role, then the task is visible under self service tab successfully, but not when i am maintaining dynamic group. Is there any other way on how we can restrict it other than role, as i cannot filter based on the role.

Regards,

Deva

0

Hello Deva,

the easiest way is just create a business role and add the dynamic role to it. You can use dynamic roles to fill business roles with users. And then just use that business role in the access control of the task.

I use that a lot for exactly this kind of control over who sees what.

.

Regards,

Steffi.

0