Forum Discussion

OSAdmin's avatar
OSAdmin
Icon for OneStream Employee rankOneStream Employee
6 years ago

What is the simplest way to prevent a user that is able to certify to un-certify

Originally posted by Geoffroy des Dorides

1/3/2020

What is the simplest way to prevent a user that is able to certify to un-certify : In a base input workfow I have a task requiring a certification

Therefore user are in the security group that allow ""Certification SignOff Group""
I would like that these users are able to certify but not uncertify.
(for design reason I cannot activate lock after certify functionality)
what is the simplest way to achieve this? "

Security

2 Replies

  • OSAdmin's avatar
    OSAdmin
    Icon for OneStream Employee rankOneStream Employee
    6 years ago
    Originally posted by Nick Kroppe

    Select Case args.OperationName
    Case Is = BREventOperationType.DataQuality.Certify.SaveCertifyState
    If args.IsBeforeEvent = False Then
    'go get the certify/uncertify event and WF info
    Dim wfUnitClust As WorkflowUnitPk = DirectCast(args.Inputs(1), WorkflowUnitPk)
    If BRApi.Workflow.Metadata.GetProfile(si, wfUnitClust.ProfileKey).Name.XFEqualsIgnoreCase(""Some Workflow Name"") Then
    Dim certifyInstance As CertifySignOffInstanceInfo = DirectCast(args.Inputs(2), CertifySignOffInstanceInfo)
    'get the sign off state ""120"" = Certified
    Dim signOffState As Integer = certifyInstance.SignOffState
    If Not certifyInstance Is Nothing Then
    'if a user is trying to uncertify
    If signOffState <> 120 Then
    'call out a specific user to block an uncertify event for
    If certifyInstance.UserName.XFEqualsIgnoreCase(""nkroppe"") Then
    Throw New XFException(si, New Exception(""Error: Unable to uncertify workflow.""))
    End If
    End If
    End If
    End If
    End If
    End Select
    in your example, instead of blocking a specific user, could you block a user group?

    Yes, you totally could! I don't have the code on hand, but you could use the brapi.Security.Authorization.IsUserInGroup(si, groupID) function to test if the user who executed the uncertifcation action is in a specific group.

  • tsandi's avatar
    tsandi
    Icon for OneStream Employee rankOneStream Employee
    4 years ago

    This is another implementation that avoids hardcoded sign off states, but rather uses the workflow status to understand if the certification was done or not

    'PREVENT CERTAIN USERS FROM UNCERTIFYING A WORKFLOW
'Perform the check only for the users belongig to a specific group
If brapi.Security.Authorization.IsUserInGroup(si, si.UserName, "CannotUncertify", False) Then
	'Check before the action happens
	If args.IsBeforeEvent Then
		'Intercept current workflow information
		Dim currWfInfo As WorkflowInfo = args.DefaultReturnValue
		'Check if the current step is a certification step
		If currWfInfo.CurrentStep.Classification = StepClassificationTypes.Certify Then
			'Check if the current step is completed
			If currWfInfo.CurrentStep.Status = WorkflowStatusTypes.Completed Then
				Throw New XFException("You do not have the right to revert workflow certification")
			End If
		End If
	End If
End If