Forums OroPlatform OroPlatform – How do I? Questions Modify access levels model

This topic contains 1 reply, has 2 voices, and was last updated by  Mike Kudelya 8 months, 2 weeks ago.

  • Creator
  • #30810

    Konstantin Markin


    I need help with access model of entity.

    For example, I have custom entity ‘MyDocument_1’.
    I define Task, Note, Attachment extensions for it. It has active workflow. The owner user of the entity has all permissions. When workflow step are changed, I want that another user get ‘view’ permission to this entity (and save it on non-defined time). Also I want to limit visibility of attachments for all users exclude “user access list”.

    As a result, may be I will get ‘user access list’ to entity ‘MyDocument_1’ (owner + users on each steps + ability to add access to the current entity for some users)?

    The similar solution is “permissions” and “configurable permissions” of SecurityBundle. But it needed to configurable yml-file manually and reload config each time.

    Because I can’t describe my task on fluent Englsih, I give you description on native language 🙂

    Есть сущность “Мой документ”. И, например, ее конкретный экземпляр “Мой документ 1”. Эта сущность содержит расширения Задача, Заметка, Вложение. У нее есть активный воркфлоу с этапами (step). У сущности есть пользователь owner, который ее видит (‘view’ permission). При переходе воркфлоу по этапам (step), ответственный за этот этап пользователь должен также увидеть этот экземпляр (view permission) и произвести какие-то действия. Другими словами, я хочу ограничить доступ к сущности списком конкретных пользователей. В дополнение, я бы хотел ограничить область видимости вложений в “Мой документ 1” (вложения видят только те, кто имеет разрешение видеть данный документ)

    Возможно ли это сделать?

    Can I do that and how?
    I hope my task is understandable.

    Sorry for English and confusion of the thoughts 🙂

Viewing 1 replies (of 1 total)
  • Author
  • #30811

    Mike Kudelya


    You can grant the permission to view records of the ‘My Document’ entity to several users at once if all these users belong, for example, to the same business unit.

    To grant the permission, do the following:

    1. Make sure that the users to whom you want to grant the ‘View’ permission are in the same business unit as the owner of the ‘MyDocument’ entity.

    For example: if the owner of the ‘MyDocument’ entity belongs to the ‘BU1’ business unit, all other users who can view records of the entity should also belong to ‘BU1’.

    You can modify the business unit that the user belongs to on the user edit page:

    2. Assign the same role (e.g. the ‘MyDocument’ role) to all the users that you want to grant the permission to.

    3. Edit the ‘MyDocument’ role and set the ‘View’ permission of the ‘MyDocument’ entity to ‘Business Unit’.

    As a result, all users that belong to the ‘BU1’ business unit can access the ‘MyDocument’ entity.
    Also, please change the ‘View’ permission for the ‘Attachment’ entity.

Viewing 1 replies (of 1 total)

You must be logged in to reply to this topic.