Unlock a world of possibilities! Login now and discover the exclusive benefits awaiting you.
We use DMS Authorisation and use Custom users. I need a Custom user to be able to have ADMIN access rights to a document combined with other Customer users that must have simple USER access rights to certain subsets of data. I have implemented Section access to accomplish this but as soon as I try and login using the CUSTOM\DEMO user account and click on the document it gives me a "Failed to open document, You don't have access to this document" message.
Below is my script, strangely if I substitute the * symbol with an actual numeric value for the IDENT field such as 12, I am then able to view the document and the data is restricted accordingly. What am I doing wrong? Any assistance will be greatly appreciated.
STAR is *;
Section Access;
USERSLOCAL:
LOAD * INLINE [
ACCESS, NTNAME, IDENT
ADMIN, CUSTOM\DEMO, *
];
Section Application;
USERACCESS:
LOAD * INLINE [
IDENT, CompanyFreqID
12, 51
12, 52
13, 61
13, 62
13, 64
];
LOAD * INLINE [
CompanyFreqID, Company
51, Company A
52, Company B
61, Company C
62, Company D
64, Company E
];
The script below should work. "All other values" means the other values in the USERSLOCAL table, i.e. in your script no other value of IDENT. If you had had a couple of other lines in this table, the star would expand to the values of IDENT on these lines.
Section Access;
USERSLOCAL:
LOAD * INLINE [
ACCESS, NTNAME, %IDENT
ADMIN, CUSTOM\DEMO, <ALL>
USER, CUSTOM\USER, 12];
Section Application;
USERACCESS:
LOAD * INLINE [
IDENT, CompanyFreqID
12, 51
12, 52
13, 61
13, 62
13, 64];
BridgeTable:
Load IDENT, IDENT as %IDENT resident USERACCESS;
Load IDENT, '<ALL>' as %IDENT resident USERACCESS;
HIC
Unfortunately the star does not expand to all possible values. It expands to all values in the same table, only.
I would use a generic key instead, e.g. "ALL" and map this to all IDENT. See more in the Tech brief on Generic Keys.
HIC
Thanks for your reply, however, I am still unsure what you mean by it "expands to all values in the same table, only". Can you please describe in my example what the "same table" is? I have worked through the tech brief but too be honest I still do not see how I can restrict some users to certain reocrds and others to see all data? I would really appreciate if you could demonstrate by means of an example. Thanks in advance
The script below should work. "All other values" means the other values in the USERSLOCAL table, i.e. in your script no other value of IDENT. If you had had a couple of other lines in this table, the star would expand to the values of IDENT on these lines.
Section Access;
USERSLOCAL:
LOAD * INLINE [
ACCESS, NTNAME, %IDENT
ADMIN, CUSTOM\DEMO, <ALL>
USER, CUSTOM\USER, 12];
Section Application;
USERACCESS:
LOAD * INLINE [
IDENT, CompanyFreqID
12, 51
12, 52
13, 61
13, 62
13, 64];
BridgeTable:
Load IDENT, IDENT as %IDENT resident USERACCESS;
Load IDENT, '<ALL>' as %IDENT resident USERACCESS;
HIC