lxatstariongroup
commented
6 months ago @samatrhea We have an edge case here:
- A CDFTeam (Person Role) member is allowed to see and edit all Participants for all EngineeringModelSetups (MODIFY on both CalssKinds in Person Role).
- A CDFTeam member is allowed to edit its own data, because the access right is MODIFY_OWN_PERSON.
Because of the fact that MODIFY_OWN_PERSON Access right is set on the Person classkind, the COMET webservice only allows the user to see persons that are a participant of an EngineeringModelSetup where the logged in user is (also) a Participant for. So the logged in user is not allowed to see Persons that are NOT a participant of an EngineeringModelSetup where the logged in user is also set as a Participant. This combination makes that all Participants for all models are visible, but not all Persons "connected" to those Participants, which leads to incomplete data (red exclamation marks) in COMET IME.
JustinBourgois
A new person role called CDFTEAM was recently introduced on our server, which has most of the same permissions as Site administrator, but not quite (no account or permission management).
When a user connects with this role many participants in many models appear without a person associated to them, see below
[ { "classKind": "Participant", "domain": [ "9f48ef62-7890-4283-aa63-80206d042330" ], "excludedDomain": [], "excludedPerson": [], "iid": "4b6f80a5-6f09-4ead-a50a-821a4d571b22", "isActive": true, "modifiedOn": "2021-08-25T16:49:33.634Z", "person": "00000000-0000-0000-0000-000000000000", "revisionNumber": 1, "role": "603846ff-8180-404b-a254-1facb7ea80e6", "selectedDomain": "9f48ef62-7890-4283-aa63-80206d042330", "thingPreference": null } ]
I have not yet been able to figure out any logic behind which participants appear without a person. What my testing has revealed though is that the "Person" access right setting is partly responsible for this behaviour. Setting it to "modify" rather than "modify own person" for the CDFTEAM role fixes the issue. However, it's more complex than that, as the regular users, Concurrent Design Team Members, have the "Person" access right set to "modify own person" and the issue does not occur for them. So, it seems to be a certain combination of access rights that causes the issue.