nicped
commented
5 months ago This is actually by design... To help you not get into trouble. We see a lot of personal permissions and requests like replace user usera with userb in permissions....
Open ivaigor96 opened 5 months ago
nicped
commented
5 months ago This is actually by design... To help you not get into trouble. We see a lot of personal permissions and requests like replace user usera with userb in permissions....
ivaigor96
commented
5 months ago This is actually by design... To help you not get into trouble. We see a lot of personal permissions and requests like replace user usera with userb in permissions....
I am not sure I follow The customer will never mess with permissions, we need this for our custom features to restrict access to pages based on some criteria like a field value for example Right now we have to add users to groups to achieve permissions But the user should be in a group then based on a field value or some other logic decided during custom development, so then we have to use smart searhes and queries on these user groups The user and group type is something that the customer will never will mess with, it's for our own internal use, and it can be easily changed. It's either this, or some other field value that we can set on a user Setting a value or user and group type on a user via integration or custom code is easier than adding and removing users from user groups
nicped
commented
5 months ago But why not spend 2 mins creating a group structure with roles - and use that. It is so much easier for you in the long run....
Also - you can see we have another thread here with 6500 users in an assortment. You will run into performance problems using this approach. And the solution will become a mess.
Use groups.... Pls. You will like it in the long run
nunoaguiar
commented
4 months ago Hi Nicolai,
What @ivaigor96 is saying is the ability to choose by user and group types (not actual users)
I guess currently what it would save us is the need to create dummy groups called "All users of user Type X" (i.e. "All Customers"), which is what we end up having to do sometimes. @ivaigor96 We handle a lot of integration scenarios but end up putting all imported users into an "All Customers" or "All Logins" user group. Wouldn't that solve for your situation?
That said, I don't run into a lot of these scenarios myself (having to select 'All'), as we end up needing to have a smart search anyway (pointing to a user group and we use that one instead). We use "Roles" groups (whether manually populated / by integration OR through a smart search).
ivaigor96
commented
4 months ago @nunoaguiar I tried putting a smart search on a group and then setting that group as a target of permissions - but that didn't work. I also ran the "rebuild user smart search" task with no avail. This might be a DW10 case, maybe even a bug that the smart search on a group was not picked up by permissions, it seems to be only working for the users UI. I haven't looked into the source code so I don't know how it's supposed to work.
@nicped it's not about simply creating and adding users to these groups, the users can come from the integration and sometimes from custom front end UI that creates or edits these users, meaning that we have to maintain the user to group relations, which is a bit more steps than simply having a field like user and group type that we can set a permission on. I do understand your concerns about performance, we need to get the populate groups from smart search in DW10 working correctly and run the scheduled task every 1 minute, that will be the closest we can get to solve our cases
When setting up the permissions we can chose a user group or user role only It would be helpful if we could setup permissions also for user and group types