Project and Portfolio Management Practitioners Forum
cancel

Security based on field value?

Highlighted
Andy McMahon_1
Super Contributor.

Security based on field value?

Hey guys! 

 

I have a need for the following scenario: 

 

I have a field called "The Procurement Vehicle is:"  with two possible values, "New" or "Continued".  If the field equals "New" then two sections on my request type should not be accessible to Contract Users.  I have security groups separated, ie: Project Manager (FTE) and Project Manager (C). (Obviously where C equals Contractor.  

 

Is this scenario possible?  

20 REPLIES
erik_c
Respected Contributor.

Re: Security based on field value?

Offhand, I think I would try something like setting field level security for edit on those fields to your FTE group, and to a user-defined token of "Security Group Name" type.

Create a field on the form with that same token (actually, you'll do this part first) and validation to accept your "Project Manager (C)" security group name.

Create a rule that populates (or clears) this field with the "Project Manager (C)" security group name based on your other field's result.

This should dynamically change the access for them, but there will be some timing issues like I think there will need to be a Save action before security changes...

Andy McMahon_1
Super Contributor.

Re: Security based on field value?

whoa, that's confusing. I'll need to digest this.. I'm not sure I fully comprehend. 

erik_c
Respected Contributor.

Re: Security based on field value?

I do my best! :smileytongue:

 

All it's doing is setting the fields to be editiable by whatever security group is in the form field, and using a rule to dynamically add or remove your contractors security group to the field based on your trigger field.

AlexSavencu
Acclaimed Contributor.

Re: Security based on field value?

Erik,

 

your solution will work if the "The Procurement Vehicle is:" is filled in by another entity - not by the FTE / C security groups.

 

if the field is filled by these security groups, then your solution would not work since PPM does not evaluate request security and field level security until it is saved.

 

I am not aware of the full scenario, but if Andy's scenario assumes that the value of the "The Procurement Vehicle is:" field is present before these security groups need to act on the workflow, then your solution would definitely work.

 

cheers

alex


--remember to kudos people who helped solve your problem
dirkf
Acclaimed Contributor.

Re: Security based on field value?

Hi all,

 

another possible solution could be to create a rule that checks on the value of the field and when the field value meets a certain condition, use setFieldVisible(false) in the rule for the fields that should not be shown when the condition is met.

 

Be informed that we still have issues on this function when the field is otherwise required and then (of course) also needs the additional rule with setFieldRequired(false). I think this was fixed in 8.03 but not sure about that off-hand.

 

Best regards,

Dirk

dirkf
Acclaimed Contributor.

Re: Security based on field value?

Sorry, forgot:

1) you need to decide if the field(s) need to have the value checked on page load (which would make sense if they don't need to vanish for the same user in the moment that the condition field value changes) or field change.

2) If you make all fields of a section invisible this way, then you also automatically hide the section.

 

Best regards,

Dirk

Andy McMahon_1
Super Contributor.

Re: Security based on field value?

So, what I really want to do is drive the visability of an entire section based on the value of another field and security..  The Procurement Vehicle won't be in either of the sections I need to hide.  The only way I would have to hide the two entire sections is if the "Procurement Vehicle Field Is:" is equal to "New", AND the user's security group is equal to "Project Manager (c)"  

This would not, in anyway, effect their actions on the workflow, or any other section of the request type.  Does that make sense?

Does everyone still stand by their current solution based on that description?  

dirkf
Acclaimed Contributor.

Re: Security based on field value?

Hi Andy,

 

as long as I'm correctly assuming that the sections, based on the condition in the rule, STAY not needed for this request at a later stage and thus can stay hidden, then I stick with my statement. If condition  "Procurement Vehicle Field Is:" is equal to "New", AND the user's security group is equal to "Project Manager (c)"  in the condition, you use a UI-rule (either on page load or on field change) to hide the fields in the section, which then hides the section (header might stay) and this is kept this way unless (if field change is used) one of the conditions is changed. Thus, if you want to make sure everthing works, you might add another rule or status dependency that makes the value of the field non-editable when a certain value has been set - or maybe the field is required in that step and then the next step it is set non-editable.

 

Hope this makes sense.

Anyway, do a bit of testing beforehand to familiarize yourself with the UI-rules and results.

 

Best regards,

Dirk

Andy McMahon_1
Super Contributor.

Re: Security based on field value?

Dirk, 

 

How do I select the user's Security Group? 

Andy McMahon_1
Super Contributor.

Re: Security based on field value?


I guess another way to look at this is: 

 

I could make the field visible ONLY to every security group except the (C), and then based on field value make it visible.   Meaning, "If procurement vehicle is" is equal to "Continued" then make it visible to Contractors.  Does that make sense?  To me that is a different setting, but with the same desired outcome. Is that easier?  

 

If that doesn't make sense, could you go into more detail to your original suggested outcome? 

dirkf
Acclaimed Contributor.

Re: Security based on field value?

Hi Andy,

 

not sure if that's easier. To hide something based on one condition seems simpler to me than to hide it overall and only make it available when certain 'multiple' conditions are met. AFter all, the values for the field could contain any amount of valid values where you want to see the fields / section, but there is only ONE combination of values in the conditions upon which you want to hide them.

 

You'll have to experiment a bit to find out which one suits you best, my assumption.

 

Best regards,

Dirk

Andy McMahon_1
Super Contributor.

Re: Security based on field value?

Yah, I thought so, but wanted to think outside the box a bit to see if it sparked any ideas. 

 

So... Back to my original question.  How do I set a security group as a dependency?  

erik_c
Respected Contributor.

Re: Security based on field value?

I could make the field visible ONLY to every security group except the (C), and then based on field value make it visible.

 

Yup, this is what I was thinking with my original suggestion (which I still stand by :smileytongue:). You can set both visible & editable at the field level. However, the security change would not take effect immediately upon flipping the field's value...it would require at least a save & page reload. But if you can live with that, it would work.

 

How do I set a security group as a dependency?

 

You can't, in a rule, unless perhaps if you create a custom Java rule...or someone knows another way that I'm not aware of...?

Andy McMahon_1
Super Contributor.

Re: Security based on field value?

OK Eric. 

I'm considering this solution.  I'm just trying to wrap my head around it...

 

Set field level security granting access to whoever I want to see that section all the time. (Project Manager (FTE))
Then make a rule that makes the section visable based on field results...

I don't want to "Clear" the fields, because the values are still important, we just don't want contractors seeing them.  Does this make sense?  Does it sound like I have my head around it?

Erik Cole
Acclaimed Contributor.

Re: Security based on field value?

Set field level security granting access to whoever I want to see that section all the time. (Project Manager (FTE))

Yes. And also access to the token (of type Security Group) of the new hidden field on your page that you will create.

Then make a rule that makes the section visable based on field results...

Yes. It does this by placing the value "Project Manager (C)" into the hidden field when you select the "Continued" value on your Procurement Vehicle field, or removing it if you select "New".

Andy McMahon_1
Super Contributor.

Re: Security based on field value?

Everytime I *think* I get it, you reply! LOL.  

 

Ok. Let me digest, and play around a bit. I'll be back for questions, I'm sure of it.  

Are you saying I need to add a new field, but make it hidden, and make it populate based on field outcome of  "Procurement vehicle"?  

Erik Cole
Acclaimed Contributor.

Re: Security based on field value?

Are you saying I need to add a new field, but make it hidden, and make it populate based on field outcome of  "Procurement vehicle"?

Yes, exactly. I'll leave you alone for a while...  ;)

dirkf
Acclaimed Contributor.

Re: Security based on field value?

Hi folks,

 

I REALLY don't want to be a spoilsport, but there are several issues open with trying to populate a hidden field by a rule. Does it really need to be hidden?

 

Regards,

Dirk

Erik Cole
Acclaimed Contributor.

Re: Security based on field value?

Hi Dirk...it depends on the OP's requirements I guess, but (when) will HP be fixing this issue?

dirkf
Acclaimed Contributor.

Re: Security based on field value?

Hi Eric, @all,

 

mea culpa:

QCCR1L21280 - Rules on Page load not working

 

Overview of the problem:

I have set the status dependency of a field to required in the workbench. then, I created a UI rule to set the field as not required depending on some otehr field value. The rule is firing and in the front end, the field is shown as not required.

Issue :
Inspite of the field being displayed as not required, I am getting "Request Details/User Data container still contains required elements" error. Please note that this error does not come when I set the status dependency of the field as not required in the workbench which confirms the fact that the issue is due to this field not due to any other field or userdata.
The UI rule is set on "Page reload"

 

Solved in 7.55, 8.02 and 9.10.

 

Best regards,

Dirk