1 user can have multiple roles

I am suppose to hide a menu item if user is system owner. But here user can have various roles.

For example John Doe could be system owner as well as project manager.

But credentials he is using to login are same.

That's why currently even if he logs in as Project manager the menu item is hidden.

Which is not expected.

What could be solution to this?

mvp_badge
MVP
Solution

Hi Albatross,

For such situation where the decision has to be made based on for what purpose user is logging in when he has multiple roles (in your case a user can login as systems owner or project manager) you can grant or remove the roles dynamically based on the role selection during login.

There are actions available to grant and revoke role at runtime.


Regards,

-PJ_

mvp_badge
MVP

Hi Albatross,

As per my understanding for the mentioned case, I think it's all about how you define the condition to show/hide the respective menu item. For the mentioned requirment the conditional check expression value should be as shown below i.e. with Or clause

Conditional Expression:

CheckSystemOwnerRole(UserId:) or CheckProjectManagerRole(UserId:)


Hope this helps you!


Kind regards,

Benjith Sam

I thought the same but these people user Role list. 

Outsystem roles are not used.

Hence can't use these functions 

Champion

Hi Albatross,

I think it's normal behavior. Because John Doe has the system owner role, so the menu will be hidden.

What do you mean by "logs in as Project manager"? How the app can determine the user login as the Project manager or the System Owner

Kind regards,

We can probably pass username and check rights for that user.

Combination of role and access rights in if maybe I am thinking.

Or another approach could be to ask user details and role before login

Champion

Hi Albatross

I am glad you already found the solution. But to be honest, I don't think dynamically remove roles is a good idea. Because if you remove the role programmatically then you can't log in as System Owner anymore.

Kind regards,



Would it not make more sense to show / enable things when you have a certain role, instead of hiding things when you have a specific role? It'll be more secure in any case. 

Image someone with bad intentions being logged in with an account without any roles, then he would see all menu options?

Community GuidelinesBe kind and respectful, give credit to the original source of content, and search for duplicates before posting.