AnsweredAssumed Answered

Request Form - Access validation

Question asked by CW Moo on Jun 22, 2020
Latest reply on Sep 4, 2020 by Ian Staines

Like • Show 0 Likes0
Comment • 3

Hi,

Is there a way to determine access granted to user via a condition/validation through a request form? For example, users are allowed to select any entitlements grouped under 'Basic Access' or 'Elevated Privilege' through a request form. The “Basic access” allows users to log in and access the application. Any “Elevated Privilege” requires the user to first have the “Basic access”. If the user does not have the 'Basic access', any entitlements grouped under the "Elevated Privilege" should not be available for selection.

We want to make sure that people don’t request elevated privileges to the application until after they have already requested and received the basic access level.

Thanks.

No one else has this question

Outcomes

Dipendra Shrestha

Jun 29, 2020 2:07 PM

When creating a form, you should see :

Availability: The following users can use this form to create requests: All.

Rather than all, you can change the filter to match your filter: Basically, only user with XYZ access.

This will work for self request.

If it's not self request, you will have to do the same thing with : Changes apply to

Once this is done, users that don't match the filter will not even see the request form.

Actions

Ahmed Nofal

Jul 17, 2020 10:46 PM

Have you tried the form field enabled/display tab conditions (to put a condition of display or enablement on the privileged access form field where the condition would depend on the basic access field? maybe try putting Does <BASIC_ACCESS_FIELD> have a value for starters), however if this works correctly, everytime form runners will require to choose from the basic access table in order to either see or enable the elevated access table.

Is that what you are looking for? I'm asking because people can already have basic access and are just running the form to get elevated access. In that case, the above won't be a solution for this use case. A dropdown webservice hidden field can be used to utilize IG&L's API to find the form runner's entitlements, store it within the field where you can parse the result maybe with a javascript block or a validation JSP to stop the form from being submitted if the user ends up not having basic access.

Actions

Ian Staines

Sep 4, 2020 5:38 PM

CW Moo were you able to build an acceptable solution?

Actions

3 Replies

Dipendra Shrestha Jun 29, 2020 2:07 PM
Mark Correct
Correct Answer
When creating a form, you should see :

Availability: The following users can use this form to create requests: All.

Rather than all, you can change the filter to match your filter: Basically, only user with XYZ access.
This will work for self request.

If it's not self request, you will have to do the same thing with : Changes apply to

Once this is done, users that don't match the filter will not even see the request form.
Like • Show 0 Likes0
Actions
Ahmed Nofal Jul 17, 2020 10:46 PM
Mark Correct
Correct Answer
Have you tried the form field enabled/display tab conditions (to put a condition of display or enablement on the privileged access form field where the condition would depend on the basic access field? maybe try putting Does <BASIC_ACCESS_FIELD> have a value for starters), however if this works correctly, everytime form runners will require to choose from the basic access table in order to either see or enable the elevated access table.

Is that what you are looking for? I'm asking because people can already have basic access and are just running the form to get elevated access. In that case, the above won't be a solution for this use case. A dropdown webservice hidden field can be used to utilize IG&L's API to find the form runner's entitlements, store it within the field where you can parse the result maybe with a javascript block or a validation JSP to stop the form from being submitted if the user ends up not having basic access.
Like • Show 0 Likes0
Actions
Ian Staines Sep 4, 2020 5:38 PM
Mark Correct
Correct Answer
CW Moo were you able to build an acceptable solution?
Like • Show 0 Likes0
Actions