AnsweredAssumed Answered

[Custom Aveksa Entitlements] View a specific application (or directory)

Question asked by Dj4bIamQPv7HFSpC1lG08vP2ANE8fvnDUNK3hVdVlsQ= on Jul 19, 2016
Latest reply on Jan 27, 2017 by Devika Sunil

Like • Show 1 Like1
Comment • 10

Hi,

I want to create a new Entitlement that allow to a user to view all account of a specific application (Directory), I do not found Secure Object Type=Account with Action=View, so i want create an Entitlement that allow to a user to view all the application or the directory (just view)

For that i create a SecurityContext.csv file with this entry for active directory accounts

SECURE_OBJECT_TYPE,NAME,ACTION,IMPLICIT_HAS_QUERY,IMPLICIT_BS_CHANGE,IMPLICIT_BU_CHANGE,SCOPE_TABLE,SCOPE_FILTER

Directory,View Ad Directory,View,,,,t_applications,lower(name)='active directory'

Note: active directory is a directory not an application.

I grant this entitlement to a user but he can not see the directory, it display Error on Directory name

Can you please explain me how i can create the SecurityContext.csv file

Regards.

Venkata Ramana Reddy Kanaparthy

Jul 21, 2016 6:32 AM

Correct Answer

I have wrongly suggested to specify scope which caused the entitlement to be scoped to business source and was then getting automatically assigned to users when business source is edited. Please use the below one to achieve what you need (I have removed scope in middle and have changed name as well (there is some issue with creating entitlement of same name that is earlier scoped..))

Users will now get this only when explicitly granted to them.

Directory,View Active Directory,View,,,,t_applications,lower(scope.name)='active directory'

See the reply in context

No one else had this question

Outcomes

10 Replies

Venkata Ramana Reddy Kanaparthy Jul 21, 2016 6:29 AM
Mark Correct
Correct Answer
The issue here seems to be with how the query gets constructed to fetch directories when there is a security scope. The column name you have used (name) seem to get into conflict... Try changing the line to below
(adidition of scope and name changed to scope.name) and it should work...

(Editing below to correct it)

Directory,View Active Directory,View,,,,t_applications,lower(scope.name)='active directory'
1 person found this helpful
Like • Show 2 Likes2
Actions
- Dj4bIamQPv7HFSpC1lG08vP2ANE8fvnDUNK3hVdVlsQ= @ Venkata Ramana Reddy Kanaparthy on Jul 20, 2016 10:37 AM
  Mark Correct
  Correct Answer
  Hi Ramana,
  
  When i upload the file SecurityContext.csv with
  SECURE_OBJECT_TYPE,NAME,ACTION,IMPLICIT_HAS_QUERY,IMPLICIT_BS_CHANGE,IMPLICIT_BU_CHANGE,SCOPE_TABLE,SCOPE_FILTER
  Directory,View Ad Directory,View,,scope,,t_applications,lower(scope.name)='active directory'
  
  i notice that entitlement are granted to all users and i can not remove it Security Fulfillment Handler Failure
  Like • Show 0 Likes0
  Actions
  - Venkata Ramana Reddy Kanaparthy @ Dj4bIamQPv7HFSpC1lG08vP2ANE8fvnDUNK3hVdVlsQ= on Jul 20, 2016 11:54 AM
    Mark Correct
    Correct Answer
    Hi, All the users? I realized now that i have made a mistake with this suggestion. The scope was used wrongly here...
    Can you remove the line from SecurityContext file and reupload it from UI. Does that remove the entitlements from the users? If that does not work, can you give me results of below queries to understand how many users have the entitlement..
    
    select * from t_entitlements where action_name = 'View Ad Directory' and RESOURCE_NAME = 'Directory';
    
    select count(*) from t_av_explodeduserentitlements where entitlement_id
    in (select id from t_entitlements where action_name = 'View Ad Directory' and RESOURCE_NAME = 'Directory')
    and entitlement_type = 'ent' and deletion_date is null;
    Like • Show 0 Likes0
    Actions
Dj4bIamQPv7HFSpC1lG08vP2ANE8fvnDUNK3hVdVlsQ= Jul 21, 2016 5:55 AM
Mark Correct
Correct Answer
Hi,
I deleted the SecurityContext.csv file using ui, but the entitlement still in the users
The entitlement are granted for all used users
Regards.
Like • Show 0 Likes0
Actions
Venkata Ramana Reddy Kanaparthy Jul 21, 2016 6:08 AM
Mark Correct
Correct Answer
Please use below query to forcefully delete that entitlement from users.. PLEASE MAKE SURE that this only updates 12 rows (as returned by your previous query) before you make a commit.

update t_av_explodeduserentitlements set deletion_date = sysdate where entitlement_id
in (select id from t_entitlements where action_name = 'View Ad Directory' and RESOURCE_NAME = 'Directory')
and entitlement_type = 'ent' and deletion_date is null;
1 person found this helpful
Like • Show 0 Likes0
Actions
Venkata Ramana Reddy Kanaparthy Jul 21, 2016 6:32 AM
Unmark Correct
Correct Answer
I have wrongly suggested to specify scope which caused the entitlement to be scoped to business source and was then getting automatically assigned to users when business source is edited. Please use the below one to achieve what you need (I have removed scope in middle and have changed name as well (there is some issue with creating entitlement of same name that is earlier scoped..))

Users will now get this only when explicitly granted to them.

Directory,View Active Directory,View,,,,t_applications,lower(scope.name)='active directory'
1 person found this helpful
Like • Show 1 Like1
Actions
- Devika Sunil @ Venkata Ramana Reddy Kanaparthy on Jan 16, 2017 5:51 AM
  Mark Correct
  Correct Answer
  Hi Venkat,
  Would you please let me know what scope_table & scope_filter can be used to customize access to:
  1. Reports based on names, scope and filter conditions
  2. Reviews based on their names & business source
  Like • Show 0 Likes0
  Actions
  - Venkata Ramana Reddy Kanaparthy @ Devika Sunil on Jan 17, 2017 5:27 AM
    Mark Correct
    Correct Answer
    Please check below videos on how to use the custom security entitlements...
    
    Explaining Aveksa Security Entitlements (SecurityContext.csv file)
    Creating custom aveksa entitlements
    Like • Show 0 Likes0
    Actions
    - Devika Sunil @ Venkata Ramana Reddy Kanaparthy on Feb 2, 2017 1:02 AM
      Mark Correct
      Correct Answer
      Thanks. I have watched the video and I still have the same doubt. Suppose I want to provide user access to certain reports/reviews based on the report/review name, how can that be done? I tried options similar to:
      Review Definition,Admin,Admin,,,,t_av_entitlementreviewdef,lower(scope.name)='App1 Report'
      but it didn't work. I wanted to confirm what the last two fields in the csv must be to provide admin access to a specific:
      - review
      - report
      based on the name of the review/report.
      
      Venkata Ramana Reddy Kanaparthy Boris Lekumovich, would you please let me know what I'm doing wrong? I want to create custom entitlements for reviews and reports so that multiple users can have admin access to specific reports/reviews (in cases where 2 or 3 users are in charge of certain applications). Also, i don't want to create entitlements which directly get assigned to the users. Customer specifically wants all entitlements through roles.
      Like • Show 0 Likes0
      Actions
Dj4bIamQPv7HFSpC1lG08vP2ANE8fvnDUNK3hVdVlsQ= Jul 21, 2016 8:30 AM
Mark Correct
Correct Answer
thank you Ramana, it works for me
Like • Show 0 Likes0
Actions

Incoming Links

Re: Security Fulfillment Handler Failure

[Custom Aveksa Entitlements] View a specific application (or directory)

Outcomes

Related Content

Recommended Content

Incoming Links