Hello Community,

We want to achieve the following but cant find the right way to do it.

We have two Organizational Roles 

  • Europe
  • Asia

We have two functional roles 

  • Marketing
  • Sales

We want:

  • Europe/Marketing to see only Europe/Marketing records. 
  • Asia/ Marketing to see only Asia/ Marketing records. 

     

Same applies to Sales. 

  • Europe/Sales to see only Europe/Sales records,
  • Asia/Sales to see only Asia/Sales records.

Can this be achieved somehow?

Sasor

Like 0

Like

4 comments

++

Sasori Oshigaki,

Hello , this Code should work 
{
  request: "crt.LoadDataRequest",
  handler: async (request, next) => {
    // Check if this is your MultiSelect's data source
    if (request.dataSourceName !== "MultiSelect_lf952eo_List_Items_DS") {
      return await next?.handle(request);
    }
 
    try {
      // MAIN filter group for the lookup
      const filter = new sdk.FilterGroup();
      filter.logicalOperation = sdk.LogicalOperatorType.And;
 
      // Build a nested OR group for the 3 roles
      const roleOrGroup = new sdk.FilterGroup();
      roleOrGroup.logicalOperation = sdk.LogicalOperatorType.Or;
 
      // Role 1
      await roleOrGroup.addSchemaColumnFilterWithParameter(
        sdk.ComparisonType.Equal,
        "[SysAdminUnit:Contact:Id].[SysUserInRole:SysUser:Id].SysRole.Name",
        "Marketing"
      );
 
      // Role 2
      await roleOrGroup.addSchemaColumnFilterWithParameter(
        sdk.ComparisonType.Equal,
        "[SysAdminUnit:Contact:Id].[SysUserInRole:SysUser:Id].SysRole.Name",
        "Sales"
      );
 
 
      // Add the OR group to the main filter
      filter.add(roleOrGroup);
 
      // SDK workaround for versions < 8.1.1 (copy items)
      const newFilter = Object.assign({}, filter);
      newFilter.items = filter.items;
 
      // Push the filter into the request
      request.parameters.push({
        type: "filter",
        value: newFilter
      });
 
      return await next?.handle(request);
    } catch (error) {
      console.error("Error filtering contact list:", error);
      // Continue with original request if filtering fails
      return await next?.handle(request);
    }
  }
}

Hello Sasor,

To achieve the requirement where specific organizational and functional roles can only see records relevant to their combination (e.g., Europe/Marketing can only see Europe/Marketing records), you can configure access permissions in Creatio by following these steps:

1. Create Organizational Roles:
Ensure you have the organizational roles "Europe" and "Asia" set up in the system.
 

https://academy.creatio.com/docs/8.x/setup-and-administration/administration/user-and-access-management/user-management/organizational-roles


2. Create Functional Roles:
Ensure you have the functional roles "Marketing" and "Sales" set up.
 

https://academy.creatio.com/docs/8.x/setup-and-administration/administration/user-and-access-management/user-management/functional-roles


3. Assign Users to Roles:
Assign users to the appropriate combination of organizational and functional roles (e.g., users in Europe/Marketing should be assigned to both the "Europe" organizational role and the "Marketing" functional role).
 

https://academy.creatio.com/docs/8.x/setup-and-administration/administration/user-and-access-management/user-management/assign-a-user-role


4. Configure Record Permissions:
- Go to the System Designer and open the Object permissions section.
- Select the object for which you want to configure permissions (e.g., a specific entity or section).
- Set up record-level permissions to restrict visibility based on both organizational and functional roles.
This can be done by creating filters or conditions in the access settings that check for both role types assigned to the user.

 

https://academy.creatio.com/docs/8.x/setup-and-administration/administration/user-and-access-management/access-management/record-permissions

 

Let me know if you have any more questions - happy to help further.

Hello Valeriia,

Thank you for the answer. Are you suggesting that this combination might achieve what we need?

Thank you 

Sasor

Show all comments