
Security Roles related to Business Roles

Former Member
0 Kudos

Hello

I have a requirement to only show data specific to the business role that the user is logged into at that moment.

Example:

The PFCG role A is linked to Business Role A and allows the user to see data in Sales Organisation A.

The PFCG role B is linked to Business Role B and allows the user to see data in Sales Organisation B.

The user has both PFCG role A and B assigned in their user profile.

If they log into the WUI in Business Role A, they will still be able to see data from Sales Organisation B (in addition to the intended data from Sales Organisation A) because they have Role B with that access assigned in their profile even though they are not logged into Business Role B.

*

Question: is there any way that even though the user has multiple PFCG/Business Roles assigned to them granting access to data from multiple sales orgs they can only see data relevant to the Business Role they have logged into?

It is really difficult to explain exactly what I mean but any thoughts are welcome!

Cheers

Gavin

Accepted Solutions (0)

Answers (1)


OttoGold
Active Contributor
0 Kudos

Hi,

I am sure I don't understand what you want to do, but I'll try anyway. For the record, I don't understand the reason for this request either, because that sounds like switching users at runtime with one user only.

From the authorization perspective:

Once you are logged on with a user with ten roles, you have all permissions from all roles. The only way to "change roles" at runtime would be to change the user buffer at runtime.

a) I am sure that's not a good idea

b) I am NOT sure how this can be even done via some APIs. Doing it without an API is out of the question.

User buffer gets refreshed during the logon. So you would have to do something like

a) remember the user roles and whack away all others except the one for the current "role" (in your role playing game).

b) refresh the user buffer according to roles which are assigned to the user now (so that would be your one role I guess)

You could theoretically build a "self-service tool" for the user so he can control this himself. Something like: a list of roles assigned to him and a button to deactivate the role. Then run the code I described above. But how to do it? I don't know.

Before we go any further, can you please explain what is the reason and background for the request?
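The behaviour discussed in this thread, as an added Python model that is not part of either post and is not SAP code: the user buffer is built at logon from every assigned PFCG role, so the business role chosen at logon does not narrow what an authority check allows. The authorization object `Z_SALES_ORG`, the role names and the order data are constructed placeholders, and the buffer logic is a simplification.

```python
# Simplified model of cumulative authorizations; not SAP code.
# Z_SALES_ORG and the role names are constructed placeholders.
from dataclasses import dataclass, field

# PFCG role -> list of (authorization object, {field: allowed values})
PFCG_ROLES = {
    "PFCG_A": [("Z_SALES_ORG", {"VKORG": {"A"}, "ACTVT": {"03"}})],
    "PFCG_B": [("Z_SALES_ORG", {"VKORG": {"B"}, "ACTVT": {"03"}})],
}
# Constructed sample data: (order id, sales organisation)
ORDERS = [("1001", "A"), ("1002", "B"), ("1003", "A")]


@dataclass
class Session:
    assigned_roles: list
    business_role: str = ""
    buffer: list = field(default_factory=list)

    def logon(self, business_role):
        """Buffer comes from every assigned role; business_role only picks the UI."""
        self.business_role = business_role
        self.buffer = [auth for r in self.assigned_roles for auth in PFCG_ROLES[r]]

    def authority_check(self, obj, **wanted):
        """Pass if one authorization in the buffer covers all requested field values."""
        return any(
            name == obj and all(
                v in fields.get(f, set()) or "*" in fields.get(f, set())
                for f, v in wanted.items())
            for name, fields in self.buffer)

    def visible_orders(self):
        return [oid for oid, org in ORDERS
                if self.authority_check("Z_SALES_ORG", VKORG=org, ACTVT="03")]


def demo():
    s = Session(["PFCG_A", "PFCG_B"])
    s.logon("BUSINESS_ROLE_A")
    both = s.visible_orders()        # role B's authorization still counts
    s.assigned_roles = ["PFCG_A"]    # the answer's step a): drop the other roles
    s.logon("BUSINESS_ROLE_A")       # step b): buffer rebuilt at logon
    return both, s.visible_orders()
```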