Non-admin users self-restricting their write access in module

Options
QZ
QZ
in Modeling

Hello,

I'm trying to build a way for users to pick their access to their own line of products so they don't see others to avoid clutter and more importantly so they don't erase data that belongs to other people.

So far I got my filters so everyone can pick their product line (A module named "Access" showing only the current user with Users/Line as dimensions and a Boolean to check; then this trickles down to individual products) and filters to display only the relevant line; however we need to run actions to copy some product data from a module to another and that's where the filter does not work.

I thought using a saved view using the line per user filter would work but apparently not (also used DCA for the origin and destination modules but it obviously does not take the user into account).

Is there a simple way to fix my DCA and/or filters and/or actions/saved views so it works or is it too tricky to have users self-restrict they access ?

Ideally I'd have an automated Boolean in the "Access" module influence the origin and destination modules (dimension is product, child of the line dimension for both) but I struggle with that.

Does anyone know how I could reach that goal ?

Thanks !

Best Answer

  • alexpavel
    alexpavel
    Answer ✓
    Options

    @QZ : If you look at the module Source and module Target and the users will have correctly setup the DCA (the cells are read-only) then you are safe.

    The DCA should prevent non-admin users to write on Products that are not allowed to write. The saved view from the source module will "try" to copy ALL cells from one module to another, but the read-only cells will be shown in the column "ignored" cells and only the cells where the user has write access will be imported source module to target module.

    However, if the very same import action is launched by a workspace admin, then in that case the DCA is by-passed. For workspace admins, the security is by-passed for import actions.

    I think this is the issue that you encountered: you tested the import action using a workspace admin.

    Hope it helps

    Alex

Answers

  • TristanS
    TristanS
    edited July 2023
    Options

    @QZ may require more info. When you said

    "however we need to run actions to copy some product data from a module to another and that's where the filter does not work."

    Question: are you copying this to a different list? a subset list? or to the same product list but only copying line items across? My gut feel is that it is copying to a different list cause I can't imagine line item copies causing an issue

  • QZ
    QZ
    Options

    Hello Tristan,

    We are not copying to a different list, the two modules involved have the same dimension (product, which is the child of the line dimension).

    Actions work to copy the data in full but I haven't managed to restrict the data to what the user has selected as their scope to see/write

    Hope that helps

  • QZ
    QZ
    Options

    Hello Alex,

    This is exactly it, I launched the action as workspace admin so I bypassed the DCA automatically. I'll need to have a user try an action for me so I can check whether it works as intended.

    Thanks a lot !

Categories