Super User is coming when filtered with a particular role in the aggregate
Question

Hi,

I've a situation where I need to load the dropdown with the users with a particular application role, I've filtered the aggregate by adding User_Effective_Role but super user is also coming as it'll get assigned with all application roles.



Thanks,

Sai.

Hello @Jeevan Sai ,

You can solve this by two ways.

1. You can have a separate Entity(AppUser) with a Single UserID Attribute, so right after creating each user you should write a logic for adding that UserId into Local Entity (AppUser), thereafter you can use the AppUser Entity where your application super user will not present here.

Above procedure needs extra logic and most probably you should have a logic to create users manually but not through users application.

2. Create a Dummy Role say DupRole and don't assign application users to this application and apply filter now


Hope this helps you!


With Regards,

Sandeep.

First approach worked for me


Thanks. 

mvp_badge
MVP
Solution

Hi Sai,


If you don’t want super users to show up on your queries, you will need to filter them out. If you know what users are super users, you can simply use their ids or usernames (if unique) on a filter.

The safest way of doing it however is with an inner query  getting all the User Ids of users with the SuperUser role, paired with a NOT IN as part of your SQL statement’s WHERE clause (yes, you would need to use the SQL tool instead of an Aggregate): you would want all users with a certain role, whose Id is not in the set of Users that have the SuperUser role.

Something along these lines (focused only on the extra bits to exclude super users, and done without checking any of the entities or attributes, so might not be 100% accurate):

SELECT



WHERE

    …

 AND {User}.[Id] NOT IN (

        SELECT {User_Effective_Role}.[UserId]

        FROM {User_Effective_Role} 

        WHERE {User_Effective_Role}.[RoleId] = @SuperUserRoleId

    )

Hope this helps

Hi thanks for the response, 

Will the Id of the superuser remains same across the environments, so that we can safely deploy code, but if ids of the superuser changes dev to uat and then prod then it would be difficult

mvp_badge
MVP

Being a super user is having the SuperUser role… so no, super user ids are not guaranteed to be the same between environments (and the super users can change by simply granting or revoking that role to users).

If your organization has a policy regarding super user’s usernames you could use that instead (for instance, you may have a policy that states all super users in any environment must have usernames that start with “admin”).

The approach that I recommended as safest (using SQL) always works: no matter who the super users are… they will always be excluded.

Hello @Jeevan Sai ,

You can solve this by two ways.

1. You can have a separate Entity(AppUser) with a Single UserID Attribute, so right after creating each user you should write a logic for adding that UserId into Local Entity (AppUser), thereafter you can use the AppUser Entity where your application super user will not present here.

Above procedure needs extra logic and most probably you should have a logic to create users manually but not through users application.

2. Create a Dummy Role say DupRole and don't assign application users to this application and apply filter now


Hope this helps you!


With Regards,

Sandeep.

First approach worked for me


Thanks. 

mvp_badge
MVP
Solution

Hi Sai,


If you don’t want super users to show up on your queries, you will need to filter them out. If you know what users are super users, you can simply use their ids or usernames (if unique) on a filter.

The safest way of doing it however is with an inner query  getting all the User Ids of users with the SuperUser role, paired with a NOT IN as part of your SQL statement’s WHERE clause (yes, you would need to use the SQL tool instead of an Aggregate): you would want all users with a certain role, whose Id is not in the set of Users that have the SuperUser role.

Something along these lines (focused only on the extra bits to exclude super users, and done without checking any of the entities or attributes, so might not be 100% accurate):

SELECT



WHERE

    …

 AND {User}.[Id] NOT IN (

        SELECT {User_Effective_Role}.[UserId]

        FROM {User_Effective_Role} 

        WHERE {User_Effective_Role}.[RoleId] = @SuperUserRoleId

    )

Hope this helps

Hi thanks for the response, 

Will the Id of the superuser remains same across the environments, so that we can safely deploy code, but if ids of the superuser changes dev to uat and then prod then it would be difficult

mvp_badge
MVP

Being a super user is having the SuperUser role… so no, super user ids are not guaranteed to be the same between environments (and the super users can change by simply granting or revoking that role to users).

If your organization has a policy regarding super user’s usernames you could use that instead (for instance, you may have a policy that states all super users in any environment must have usernames that start with “admin”).

The approach that I recommended as safest (using SQL) always works: no matter who the super users are… they will always be excluded.

Community GuidelinesBe kind and respectful, give credit to the original source of content, and search for duplicates before posting.