How can I check Application permissions in Agile API
Hi,
I am running
... /ApplicationBuilder/eFormRender.html?Process=" .....
from my cshtml ( in MVC C# application)
and getting error : User ... does not have Initiate Process permission
for this process model. Please contact system administrator.
The Question is : how can I check permissions for Application and
do not show it in my Applications list.
Please help!
Eliahu.
-
Eliahut,
You can call the api "/Extension/GetReleasedMyApps/false" which will give you the list of apps for which the current user (the user calling the api) has initiate permissions.
That way you don't have to check the permissions at your end, AgilePoint will check it and give you the result.Thanks.
-
I have a similar question about app permissions. Is there any place in the AgilePoint database where I can see what users and groups are assigned initiate permissions to an app?
I often get asked to provide a list of all users who have access to initiate an application. When I get this type of request, I have been going to the Permissions screen in the App Builder to get a list of Groups and Users who have Initiate permissions. Then I go to the AgilePoint database and query the Group Members table to get a list of persons assigned to the groups. Once I have this information, I can put together a list of all the users who can initiate the app.
Doing this is tedious and time-consuming. I would like to develop a report or a query where I can pass it the application name and the report or query returns back a list of all the users who can initiate the app. The problem is, I have not been able to find a table in the APDB database that has the list of users and groups with Initiate permissions for an app.
-
This involves multiple tables.
- Get the BASE_DEF_ID of the process model in interest (Note that, process initiator permission is set at individual process model level)
SELECT [BASE_DEF_ID] FROM [AP_Workflow_DB].[dbo].[WF_PROC_DEFS] where DEF_NAME="MyProcessModel'
- Get the SecurityGroupID
SELECT [ID] FROM [AP_Workflow_DB].[dbo].[WF_SECURITY_GROUPS] where OWNER_ID=<BASE_DEF_ID from #1> and NAME='ProcessInitiators'
- Get the security group members
SELECT * from [AP_Workflow_DB].[dbo].[WF_SECURITY_GROUP_MEMBERS]
where SECURITY_GROUP_ID='<Security group id from #2>'- The records returned by #3
- If ASSIGNEE_TYPE = Group, and ASSIGNEE = *, then all users in the system has the permission.
- If ASSIGNEE_TYPE = Group, and ASSIGNEE = <groupName>, then get the group members
- SELECT [MEMBER] FROM [AP_Workflow_DB].[dbo].[WF_GROUP_MEMBERS] where NAME = <groupname>
- Id ASSIGNEE_TYPE = User then ASSIGNEE will have the individual username.
You may build the complex query out of this. Hope this helps.
-
Sanjay - Thank you very much!! This is awesome. Below is the query I developed. You simply plug in your process model name into the @DEF_NAME scalar variable and the query will return back a list of all users who can initiate the process. It returns both the User Name and Full Name of the persons.
I did add a condition when querying WF_PROC_DEFS to only include STATUS = 'Released' in order to get only the latest active version of the process.
I did not put logic in this query to handle the "All Users" scenario (ASSIGNEE_TYPE = Group and ASSIGNEE = *). We don't have any apps that we have opened up to All Users. And even if we did, I would not need to use this query since everyone would have access to the app.
declare @DEF_NAME nvarchar(256);
set @DEF_NAME = 'Process Model Name';select gm.MEMBER as USER_NAME, ru.FULL_NAME as FULL_NAME
from WF_GROUP_MEMBERS gm
join WF_REG_USERS ru on gm.MEMBER = ru.USER_NAME_UPCASE
where gm.NAME in
(
select ASSIGNEE
from WF_SECURITY_GROUP_MEMBERS
where ASSIGNEE_TYPE = 'Group'
and SECURITY_GROUP_ID =
(
select ID
from WF_SECURITY_GROUPS
where NAME = 'ProcessInitiators'
and OWNER_ID =
(
select BASE_DEF_ID
from WF_PROC_DEFS
where DEF_NAME = @DEF_NAME
and STATUS = 'Released'
)
)
)
UNION
select USER_NAME_UPCASE as USER_NAME, FULL_NAME as FULL_NAME
from WF_REG_USERS
where USER_NAME_UPCASE in
(
select ASSIGNEE
from WF_SECURITY_GROUP_MEMBERS
where ASSIGNEE_TYPE = 'User'
and SECURITY_GROUP_ID =
(
select ID
from WF_SECURITY_GROUPS
where NAME = 'ProcessInitiators'
and OWNER_ID =
(
select BASE_DEF_ID
from WF_PROC_DEFS
where DEF_NAME = @DEF_NAME
and STATUS = 'Released'
)
)
)
Please sign in to leave a comment.
Comments
4 comments