Radicore Forum: Framework » User configuration in a VPD

Home » RADICORE development » Framework » User configuration in a VPD

Show: Today's Messages :: Polls :: Message Navigator
E-mail to friend

User configuration in a VPD [message #7914]

Fri, 11 April 2025 06:49

htManager
Messages: 456
Registered: May 2014

Senior Member

What is the best solution to give a user the opportunity to create additional users in a VPD or to give an existing user a different role?
Does it make sense to copy the corresponding classes, scripts and screens into the respective app, rename them and define them as a subclass in which the restrictions such as selectable roles or the total number of users to be created are limited?

Report message to a moderator

Re: User configuration in a VPD [message #7915 is a reply to message #7914]

Sat, 12 April 2025 04:42

AJM
Messages: 2382
Registered: April 2006
Location: Surrey, UK

Senior Member

It sounds like you want to make use of the account_id column on the MNU-USER table which is descibed in menuguide/mnu_user(upd1).html

You do not need to copy any classes. If you read Implementing Virtual Private Databases you will see that all you need do is add the rdcaccount_id column to the relevant database tables in your application.

A user with a NULL value for account_id will be able to create and amend users for any account. Any other user will only be able to create and amend users with the same account_id.

Tony Marston
http://www.tonymarston.net
http://www.radicore.org

Report message to a moderator

Re: User configuration in a VPD [message #7916 is a reply to message #7915]

Mon, 14 April 2025 14:31

htManager
Messages: 456
Registered: May 2014

Senior Member

Yes, I am aware of the implementation of VPD and it works very well.
But as far as I can see, the mnu_role table does not have a rdcaccount_id column and surely this shows all available roles?
However, I would like only two roles to be selectable when a new user is created by an “account admin”. Is that possible?

Report message to a moderator

Re: User configuration in a VPD [message #7917 is a reply to message #7916]

Tue, 15 April 2025 04:49

AJM
Messages: 2382
Registered: April 2006
Location: Surrey, UK

Senior Member

Roles and tasks are not restricted to particular accounts, only users. Users with different accounts can share the same roles without any problem, therefore I do not see the need to restrict roles to particular accounts.

Tony Marston
http://www.tonymarston.net
http://www.radicore.org

Report message to a moderator

Re: User configuration in a VPD [message #7918 is a reply to message #7917]

Tue, 15 April 2025 17:51

htManager
Messages: 456
Registered: May 2014

Senior Member

That's clear to me.
But how could one solve the problem that an "admin user" is allowed to create normal users or users with limited rights in an account in the VPD?
My idea was that the "admin user" could only select these two roles when creating a new user.
Hence my idea to copy the corresponding classes and define them as sub-classes.
To understand: "normal" users are users who can carry out all functions, "restricted" users are users who should only have read rights to certain data. This data can only be released by the “admin user”.

Report message to a moderator

Re: User configuration in a VPD [message #7919 is a reply to message #7918]

Wed, 16 April 2025 05:03

AJM
Messages: 2382
Registered: April 2006
Location: Surrey, UK

Senior Member

I see no need to add some sort of classification to either roles or users so that users with a certain classification can only be given roles of a matching classification. There is no limit to the number of roles which can be created, and there is no limit to the number of roles which can be assigned to a user. It is up to the site administrator to create the right roles and assign them to the right users. Adding rules to say that "You cannot add this role to that user" is going a step too far as it is an unnecessary complication.

Tony Marston
http://www.tonymarston.net
http://www.radicore.org

Report message to a moderator

Re: User configuration in a VPD [message #7920 is a reply to message #7919]

Wed, 16 April 2025 17:37

htManager
Messages: 456
Registered: May 2014

Senior Member

I understand that.

But how to solve the following problem:

Multiple accounts can be created in an application by the site administrator.
Each account has an “account admin” who can create account users.
This means that the creation of new users can be shifted to the account managers.

If I understood correctly, Radicore is designed so that all administration is carried out by designated administrators. This would mean that creating or changing a user in a specific account can only be carried out by the overall system administrator. I would like to have an “account admin” carry out these tasks by only allowing certain roles to be selected. The account admin is allowed to create as many users as previously determined by the overall system administrator.

I hope I explained the situation correctly.

Report message to a moderator

Re: User configuration in a VPD [message #7921 is a reply to message #7920]

Thu, 17 April 2025 04:39

AJM
Messages: 2382
Registered: April 2006
Location: Surrey, UK

Senior Member

Roles are not tied to specific accounts. Only users can be tied to a specific account. Any role can be shared by any user.

There is no provision in RADICORE to restrict the number of roles which can be accessed by particular accounts, and I do not see a compleeing enough reason to add it.

Tony Marston
http://www.tonymarston.net
http://www.radicore.org

Report message to a moderator

Previous Topic:	PDF - drawing with lines
Next Topic:	Introduction to the Radicore framework

Goto Forum:

-=] Back to Top [=-

[ Syndicate this forum (XML) ] [

] [

]

Current Time: Fri Apr 25 12:00:18 EDT 2025

Total time taken to generate the page: 0.01252 seconds