Skip to Content
0
Nov 24, 2011 at 03:40 AM

Context Based Role Assignment

269 Views

Hi,

I am trying to set up context based roles for scenario where I have multiple stores. I created a new entry type STORE that is used for context based assignment. I have a role ROLE:STORE:MANAGER that uses STORE as context attribute. This role will have privileges with different conditional contexts. For example

Privilege Name; Conditional Context

PRIV:ERP:STORE_MANAGER_1000;1000

PRIV:ERP:STORE_MANAGER_2000;2000

I also created a guided task that allows to select a store and assign role ROLE:STORE:MANAGER to user. When I select a context/store only privileges with same conditional context types are assigned. This should be working and my problem is related to visibility after assignment.

For example I assigned ROLE:STORE:MANAGER with context/store 1000 for validity period 24/11 - 30/11. I also assigned ROLE:STORE:MANAGER with context/store 2000 for validity period 24/11 - 31/12. Now when I display roles assigned to users I can see two lines for role ROLE:STORE:MANAGER with two different validity periods but there is no context displayed for each record. I guess I could see this based on assigned privileges.

I also checked internal representation and I can see that attribute MX_CTX is used to hold all contexts during assignment in MX_PENDING_VALUE object. But it seems like this value is lost after assignment. Is this right? Or can I see somewhere context that was used for role assignment? Maybe I am just missing some basic stuff but context based role assignments seem much less useful to me without visibility of context used for role assignment.

Thanks