authorization | Community Creatio

Is there a way to open a external website in Creatio ? I would like to make a get request to an authorize endpoint url but I need to access the page in order to fill in credentials.

1 comments

Oleg Drobina

11:14 Apr 04, 2023

You can add your external website in the IFrame inside the app: in the 2.b "Declare the component class" of this article, you should insert your iframe HTML markup. Also, keep in mind that not all sites can be inserted as iframes due to different security settings.

Additionally you can try creating the code that will use Fetch API to authenticate and get data needed.

Show all comments

Question

authorization

permissions

Use column permissions misunderstanding

Jonathan Quendoz

17:29 Sep 27, 2021

Hi community,

On a demo version, I have created a test user with "Direction" as organizational role. I want it to hide the "Budget" field in the opportunity section and don't make it editable.

To do so, I went in the "object permissions" and checked "Use column permissions", selected the "Budget" field and giving a "Deny reading and editing" access level to the "Direction" role.

The three available options are :

After doing that, when I connect with the test user, I still can see (or read if you prefer) the Budget field, however I can't modify it.

How can I do to hide this field to all the "Direction" users ? If we can't do it like this, what does "Deny reading" mean ? What are the differences between "Permit reading" and "Deny reading" ?

Thanks a lot for your time.

Best regards,

Jonathan

5 comments

Bogdan Spasibov

17:48 Sep 29, 2021

Hello Jonathan,

Could you please specify the version of your application?

Thank you!

Best regards,

Bogdan S.

Jonathan Quendoz

17:54 Sep 29, 2021

Hi Bogdan Spasibov,

The actual version of Creatio, 7.18.3.

Bogdan Spasibov

11:32 Sep 30, 2021

Hello Jonathan,

The "Deny reading and editing" option won't hide the field but it can hide the value of the field. For example, with the following setup, all company employees will see the field value except for the users that are added to the '1-st line support' role:

But the best way to achieve you business task is to use business rules. There is a rule that is called 'Show an element on page'. It allows you to show the specific field on the page only for some users. For example, with this setup only Supervisor can see the 'Budget' field on the page:

Please note that as of now the business rules can be applied to users only. The setup with org.roles should be available in one of the upcoming releases.

Best regards,

Bogdan S.

Jonathan Quendoz

12:15 Sep 30, 2021

Hi Bogdan Spasibov,

Thanks a lot for your answer. The first methods doesn't seem to work. I created an opportunity, set the "Budget" field to 3'500. Then went to the object permissions and set "Deny reading and editing" to the "Direction" Organizational role. When I log in with a "Direction" user, I can still se the 3'500.

However, your second solution helps me a lot and is perfect for what I want to do.

Thanks :)

Robert Pordes

14:36 Oct 01, 2021

Jonathan Quendoz,

Hi,

please be careful with using business rules as a means for data access restrictions! They only work on the page where they are configured! So this will not if the user adds the field to the opportunity list.

Besides this, I think that the order in Bogdans answer should be the other way round. Permissions are evaluated by priority and the first hit will count. Since every user is in the "All Employees" group, the second row will never be evaluated.

BR,

Robert

Show all comments

Subscribe to authorization