Tip:
Highlight text to annotate it
X
This video demonstrates how ClearQuest schema designers can hide actions that users are not permitted to perform.
This schema is set up with two different Access Control hooks: One on the Assign action
and one on the Resolve action.
The Assign action checks to see if the user has permission
and if not they get the generic permission denied error.
The access control hook on the Resolve
action does the same thing. It will check to see if the user has permission,
but if the user does not have permission a custom message is presented to them with some more information.
Moving over to the ClearQuest client, you can see what this looks like. If you are a user without permission to perform the Assign action
you get the generic permission denial with no helpful information.
If the you try to perform the Resolve action on a record you are not the owner of
you get a more informational message.
Enabling the ability to hide actions involves setting a schema property. You do that using the packageutil command as shown here.
If the schema is checked out, it is important that you close down the ClearQuest Designer or at least make sure you have saved your work.
Performing the updates on the schema outside Designer requires Designer to reload the
new version of the schema without allowing you to save any unsaved changes.
If your goal is to be able to do a "Test Work" of the schema before checking it in and upgrading the user database
make sure you pass the optional parameter "- nocheckin".
For the purpose of this demonstration, the command is allowed to check out the schema, set the property, and check it back in again.
The user database is already upgraded in this example.
Here is what has changed. If you are a user that is unable to perform the Assign action
the Assign action is no longer in the list.
If you are a user that is not the owner of record and try to perform the resolve action
the action also has been removed from the list the reason being is that property
removes from the list any
access control hook that return a result equal to zero.
Logging in as the user "Pat", who has permission, you can see that the Assign action is still there.
Depending on your process and the number of actions, it might make more sense to hide all actions from users who are not
permitted to peform them. However, you might want to hide only some actions while allowing other ones to be run
even knowing the user is not permitted to run the action. This is so you can provide them with additional information.
By making a small schema change to the Resolve action Access Control hook, you can achieve the result of having the Resolve action
appear in the list, while still keeping the Assign action hidden for any user other than "Pat".
The schema change is already made for this example.
The lines that are highlighted in blue were added
which encompasses an extra "if" statement.
This checks what the value of the "ratl_GetLegalAction" session variable is.
By checking the value, it can determine if the reason the Access Control hook is being run is just to see if this
action should adhere in the pull-down or if it is being run to actually perform the action.
This allows the desired result: The Resolve action will be shown in the pull-down, but will generate the a useful
dialogue when if you do not have permission.
The schema is already checked in and the user database upgraded for this example.
Go back to the ClearQuest client
to see what the changes have done.
The user "Judy" who is not permitted to perform the Assign action
will still not see that in the list, which is what is expected.
However, for those who are not the owners of a record and try to perform the Resolve action
they are now able to attempt to perform the Resolve action, allowing them to to get the additional
information as to why they are not permitted to perform the action.