Article: AN0002033
Users are shared across all models in a single ObjectGears instance. Every user can display the User information page (QuickPersonInfo) with the data of any other user. Similarly, the list of all users is displayed when selecting a value in a column of type Value from a referenced class that refers to a user. This behaviour is suitable when ObjectGears is used within a single enterprise.
In some cases it is appropriate to modify this standard setup so that users can display other users from the same company/organization unit, but not users from other companies/organization units. An example is using ObjectGears to share data with customers and business partners, where you will probably not want a user to see users from other companies.
We can achieve this behaviour in the following way:
1. Restricting display of the User information page (QuickPersonInfo) with data of other users.
We will use a script for this page, which we set in Scripts of administration pages - User information. The script can be adapted to our needs. The example below allows a user who is not an administrator to access only the page with his/her own data. An attempt to access the page with another user's data displays an error message.
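function OnLoad()
{
    // Allow access only when the displayed person (OGPerson) exists and the logged-in
    // user is either an administrator or the person whose page is displayed.
    if (!(OGPerson != null && (OG.Person.IsUserAdmin() || OGPerson.Id == OG.Person.GetLoginPerson().Id)))
    {
        // Any other request is redirected to the access denied page.
        OGForm.RedirectToAccessDenied('This page can be accessed only by administrator.');
    }
}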
Note: Users should always be able to access their own User information page in order to change language preferences or password, or to check the time of the last logon.
2. Limiting the users displayed when selecting in columns of type Value from a referenced class - reference to user.
The PersonOrgStructureId parameter in the web.config file is used for this limitation. This parameter can refer to an organization structure of type Team structure. The Team member/s property is key in defining which users can see which other users.
Users can see those users with whom they are listed in the column selected as Team member/s in the given organization structure. In the example shown, it is the column Members.
User George Hill can see only himself and user Alex Thompson. User Alex Thompson can see himself, user George Hill and user Duncan Krueger. User Alex Thompson does not see user Richard Jung, because he is marked as deleted.
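The visibility rule described in step 2 can be modelled outside ObjectGears to review a planned team structure before PersonOrgStructureId is pointed at it. The following is an added example, not ObjectGears code: the team records, the company attribute and the function names visibleUsers and crossCompanyVisibility are constructed for illustration, with team membership chosen to match the George Hill / Alex Thompson example above.

```javascript
// Constructed sample: records of the organization structure referred to by
// PersonOrgStructureId, with the column selected as Team member/s (Members).
const teams = [
  { name: 'Team A', members: ['George Hill', 'Alex Thompson'] },
  { name: 'Team B', members: ['Alex Thompson', 'Duncan Krueger', 'Richard Jung'] },
];

// Constructed user list; `company` is a hypothetical attribute used only by the audit.
const users = {
  'George Hill':    { company: 'Customer 1', deleted: false },
  'Alex Thompson':  { company: 'Customer 1', deleted: false },
  'Duncan Krueger': { company: 'Customer 2', deleted: false },
  'Richard Jung':   { company: 'Customer 2', deleted: true },
};

// Users offered to `viewer`: everyone listed with the viewer in some team,
// minus users marked as deleted. A viewer listed in no team gets an empty
// list in this model; the article does not describe that case.
function visibleUsers(viewer, teams, users) {
  const seen = new Set();
  for (const team of teams) {
    if (team.members.includes(viewer)) {
      team.members.forEach((m) => seen.add(m));
    }
  }
  return [...seen].filter((m) => users[m] && !users[m].deleted).sort();
}

// Audit: viewer/user pairs where the team structure exposes a user of another
// company, for example through a person who is a member of two teams.
function crossCompanyVisibility(teams, users) {
  const findings = [];
  for (const viewer of Object.keys(users)) {
    if (users[viewer].deleted) continue;
    for (const other of visibleUsers(viewer, teams, users)) {
      if (users[other].company !== users[viewer].company) {
        findings.push(`${viewer} -> ${other}`);
      }
    }
  }
  return findings;
}

console.log(visibleUsers('George Hill', teams, users));
console.log(crossCompanyVisibility(teams, users));
```

An empty result from crossCompanyVisibility means no team in the planned structure mixes users of different companies.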