Jump to content

Domain Security for user with 2 Roles


Balraj

Recommended Posts

Hi community,

Scenario is as follows:

User1 -> having Role1 -> Access "GENERAL TRAINING" data

User2 -> having Role2 -> Access "HEALTH CARE" data

User3 -> having (Role1, Role2) -> Access ("GENERAL TRAINING", "HEALTH CARE" ) data

Configuration of Domain Security File:

<!-- Access for GENERALTRAINING user -->        <resourceAccessGrant id="JoinTree_1_ROLE_AACP_GENERALTRAINING_row_grant">            <principalExpression>authentication.getPrincipal().getRoles().any{ it.getRoleName() in ['ROLE_AACP_GENERALTRAINING'] }</principalExpression>            <filterExpression>public_courses.role in ('GENERALTRAINING')</filterExpression>        </resourceAccessGrant>               <!-- Access for HEALTHCARE user -->        <resourceAccessGrant id="JoinTree_1_ROLE_AACP_HEALTHCARE_row_grant">            <principalExpression>authentication.getPrincipal().getRoles().any{ it.getRoleName() in ['ROLE_AACP_HEALTHCARE'] }</principalExpression>            <filterExpression>public_courses.role in ('HEALTHCARE')</filterExpression>        </resourceAccessGrant>               <!-- Access for GENERALTRAINING, HEALTHCARE user -->        <resourceAccessGrant id="JoinTree_1_ROLE_AACP_GT_HC_row_grant_40">            <principalExpression>authentication.getPrincipal().getRoles().any{ it.getRoleName() in ['ROLE_AACP_HEALTHCARE'] } && authentication.getPrincipal().getRoles().any{ it.getRoleName() in ['ROLE_AACP_GENERALTRAINING'] }</principalExpression>            <filterExpression>public_courses.role in ('GENERALTRAINING') or public_courses.role in ('HEALTHCARE')</filterExpression>        </resourceAccessGrant>[/code]

Issue is, when User3 is logging in he's able to see only "GENERAL TRAINING" data, where as he's having privileges to acces the data of both "GENERAL TRAINING" and "HEALTH CARE".

How to configure the XML, so that user with both the roles access the data accordingly.

Note: For users with single role it is working as expected.

Thanks & Regards

JasperExplorer

 

Link to comment
Share on other sites

  • 5 months later...
  • Replies 2
  • Created
  • Last Reply

Top Posters In This Topic

  • 3 weeks later...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
×
  • Create New...