Question

FSM 6.8 - Person Access Group

  • 17 May 2021
  • 4 replies
  • 260 views
ZRZJOLIVEIRA
Rank
Userlevel 3
Badge +7

Hi,

 

Does anyone knows if there is some bug on FSM 6.8 regarding access control for Person records?

We are using Access Group on every record and Roles to control the access for each user (companies), nevertheless, for Person all users can see all records.

 

Best regards,

João Oliveira
This topic has been closed for comments

4 replies

Kalpani Dissanayake
Rank
Userlevel 6
Badge +20

Hi @ZRZJOLIVEIRA,

 

I have tested this in FSM 6 update 8 environment with attached test plan and it seems there is no bug related to person access groups. Please refer the attached document with screen prints. 

 

Let me know the test plan that you are following using access groups, so that I may help. Many thanks.

 

Kind regards,

Kalpani

1 Attachment
Kalpani
Ruchira Jayasinghe
Rank
Userlevel 5
Badge +7

The Assign Group concept can be demonstrated as below.

  • The “Access Groups” needs to be defined in the “Global Codes” and I have defined 2 for this demonstration.
  • These Access Groups can be used later in the application to access categorization.
  • I have 2 Roles as RUCJLK-ROLE1 and RUCJLK-ROLE2 and assigned RUCJLK-AG1 and RUCJLK-AG2 respectively.
  • I have created 2 users RUCJLK_USER1 and RUCJLK_USER2 and assign RUCJLK-ROLE1 and RUCJLK-ROLE2 respectively.
  • Therefore, the logical structure can be shown as below.
  • Then, I have created 3 different records to demonstrate the visibility.
  • When the Access Group is set in the person window. It states that the particular person is part of the assigned access group. (E.g.: The Person RUCJLK_RES_1 is a part of the Access Group RUCJLK-AG1).
  • This is indicated in the PERSON Table as below.
  • Now, when you log into the system using RUCJLK_USER1 only the RUCJL_RES_1 (Which is set to RUCJLK-AG1) and RUCJLK_RES_3 (No Access Group) will be visible.
  • And when you log in the system using RUCJLK_USER2 only the RUCJL_RES_2 (Which is set to RUCJLK-AG2) and RUCJLK_RES_3 (No Access Group) will be visible.
  • This can be further demonstrated as below.

     

  • As the bottom line, the records that set the access group as “X” and the records with no access group defined, will be visible to the users with the role which carry the “X” assess group.
Kalpani Dissanayake
Rank
Userlevel 6
Badge +20

Hi @ZRZJOLIVEIRA,

We identified an issue with access groups in the mass update button in the task screen of web client. Below is the test plan.

 

1. Create a person record (USER01) and assign access group as AG1.

2. Then assign a role to that person (ROLE1) > assign AG1 to ROLE1.

3. Create a person record (USER02) and assign access group as AG2.

4. Then assign a role to that person (ROLE2) > assign AG2 to ROLE2.

5. Then log into the smart client using USER01

6. You cannot see USER02 person record

7. Then log into the web client > task screen

8. Enter search criteria and click mass update button.

9. in the owner field click on magnifying glass and add USER% and search

10. You are able to see both USER01 and USER02 records.

11. Since USER02 belongs to different access group, you should not be able to see that user record.

12. IF you select USER02 and run the mass update button, record will not updated with USER02.

13. But we need not to see USER02 as a suggestion when we search in the mass update button. and this issue has been already reported to PD team for investigations. Hope this helps.

 

Kind Regards,

Kalpani.

Kalpani
ZRZJOLIVEIRA
Rank
Userlevel 3
Badge +7

Hi,

 

First of all thank you @Kalpani Dissanayake for your support!

 

I think the issue is that the baseline mass update button/Owner field in Task Screen opens the Team Member lookup, instead of Person Lookup (like the Owner in search list).

If you check the table TEAM_MEMBER there is no ACCESS_GROUP column, therefore it is not possible to control the access for different Roles/Users.

 

The workaround we have is to change the lookup navigation for every owner field (pointing it to the person record instead). 

 

Best regards,

João Oliveira
Terms & ConditionsCookie settings