Hi community,
Scenario is as follows:
User1 -> having Role1 -> Access "GENERAL TRAINING" data
User2 -> having Role2 -> Access "HEALTH CARE" data
User3 -> having (Role1, Role2) -> Access ("GENERAL TRAINING", "HEALTH CARE" ) data
Configuration of Domain Security File:
<!-- Access for GENERALTRAINING user -->
<resourceAccessGrant id="JoinTree_1_ROLE_AACP_GENERALTRAINING_row_grant">
    <principalExpression>authentication.getPrincipal().getRoles().any{ it.getRoleName() in ['ROLE_AACP_GENERALTRAINING'] }</principalExpression>
    <filterExpression>public_courses.role in ('GENERALTRAINING')</filterExpression>
</resourceAccessGrant>

<!-- Access for HEALTHCARE user -->
<resourceAccessGrant id="JoinTree_1_ROLE_AACP_HEALTHCARE_row_grant">
    <principalExpression>authentication.getPrincipal().getRoles().any{ it.getRoleName() in ['ROLE_AACP_HEALTHCARE'] }</principalExpression>
    <filterExpression>public_courses.role in ('HEALTHCARE')</filterExpression>
</resourceAccessGrant>

<!-- Access for GENERALTRAINING, HEALTHCARE user -->
<resourceAccessGrant id="JoinTree_1_ROLE_AACP_GT_HC_row_grant_40">
    <principalExpression>authentication.getPrincipal().getRoles().any{ it.getRoleName() in ['ROLE_AACP_HEALTHCARE'] } && authentication.getPrincipal().getRoles().any{ it.getRoleName() in ['ROLE_AACP_GENERALTRAINING'] }</principalExpression>
    <filterExpression>public_courses.role in ('GENERALTRAINING') or public_courses.role in ('HEALTHCARE')</filterExpression>
</resourceAccessGrant>
The issue is that when User3 logs in, he is able to see only "GENERAL TRAINING" data, whereas he has privileges to access the data of both "GENERAL TRAINING" and "HEALTH CARE".
How do I configure the XML so that a user with both roles can access the data accordingly?
Note: For users with single role it is working as expected.
Thanks & Regards
JasperExplorer
0 Answers:
No answers yet
Your principalExpression should look as below -
Did you get it working?