- OneStream Community
- Forums
- Application Build
- What is the simplest way to prevent a user that is able to certify to un-certify
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
What is the simplest way to prevent a user that is able to certify to un-certify
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-16-2020
05:41 AM
- last edited on
06-06-2023
08:14 AM
by
JackLacava
1/3/2020
What is the simplest way to prevent a user that is able to certify to un-certify : In a base input workfow I have a task requiring a certification
Therefore user are in the security group that allow ""Certification SignOff Group""
I would like that these users are able to certify but not uncertify.
(for design reason I cannot activate lock after certify functionality)
what is the simplest way to achieve this? "
- Labels:
-
Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-26-2020 10:53 AM
Select Case args.OperationName
Case Is = BREventOperationType.DataQuality.Certify.SaveCertifyState
If args.IsBeforeEvent = False Then
'go get the certify/uncertify event and WF info
Dim wfUnitClust As WorkflowUnitPk = DirectCast(args.Inputs(1), WorkflowUnitPk)
If BRApi.Workflow.Metadata.GetProfile(si, wfUnitClust.ProfileKey).Name.XFEqualsIgnoreCase(""Some Workflow Name"") Then
Dim certifyInstance As CertifySignOffInstanceInfo = DirectCast(args.Inputs(2), CertifySignOffInstanceInfo)
'get the sign off state ""120"" = Certified
Dim signOffState As Integer = certifyInstance.SignOffState
If Not certifyInstance Is Nothing Then
'if a user is trying to uncertify
If signOffState <> 120 Then
'call out a specific user to block an uncertify event for
If certifyInstance.UserName.XFEqualsIgnoreCase(""nkroppe"") Then
Throw New XFException(si, New Exception(""Error: Unable to uncertify workflow.""))
End If
End If
End If
End If
End If
End Select
in your example, instead of blocking a specific user, could you block a user group?
Yes, you totally could! I don't have the code on hand, but you could use the brapi.Security.Authorization.IsUserInGroup(si, groupID) function to test if the user who executed the uncertifcation action is in a specific group.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-13-2021 11:09 AM
This is another implementation that avoids hardcoded sign off states, but rather uses the workflow status to understand if the certification was done or not
'PREVENT CERTAIN USERS FROM UNCERTIFYING A WORKFLOW
'Perform the check only for the users belongig to a specific group
If brapi.Security.Authorization.IsUserInGroup(si, si.UserName, "CannotUncertify", False) Then
'Check before the action happens
If args.IsBeforeEvent Then
'Intercept current workflow information
Dim currWfInfo As WorkflowInfo = args.DefaultReturnValue
'Check if the current step is a certification step
If currWfInfo.CurrentStep.Classification = StepClassificationTypes.Certify Then
'Check if the current step is completed
If currWfInfo.CurrentStep.Status = WorkflowStatusTypes.Completed Then
Throw New XFException("You do not have the right to revert workflow certification")
End If
End If
End If
End If
