cancel
Showing results for 
Search instead for 
Did you mean: 

User only should see one application with its jobchain- and jobdefinitions

Former Member
0 Kudos

Hello,

I want to give one user the rights to see only one specific application (XYZ) with all its jobchain- and job-definitions.

The user has a custom-role with scheduler user in it and no priviliges.

The application-security for XYZ I set to "view" for the role the user has. But the User only can see the application, not the definitions in it. How I have to create the user that he can see also the jobchain- and jobdefinitions?

If I set the security for single jobdefinitons for this user to "view" then he can see this jobdefinitions. But I have mor than hundred jobdefinitions and don't want to do this for every jobdefinition.

Regards

DanUll

Accepted Solutions (0)

Answers (1)

Answers (1)

Former Member
0 Kudos

If you're going to set privileges on more than a few objects for a role, it might be worth making use of Partitions.

This gives greater control over who sees what. However, if you didn't decide to use Partitions from the outset, there will be a certain amount of effort required to retrospectively put everything in the right place. This is because everyone can see objects in the GLOBAL partition, so to restrict access, you'd need to move everthing out of the GLOBAL partition before creating other partitions with the required access for your ROLES.

If you're happy to set Privileges at individual object level as you originally suggested, you can update all the JobDefinitions in an application with the RedwoodScript code below. Just update the code with a JobDefinition that exists within the Application in question and the Role to which you want to grant Privileges. The code outputs all the JobDefinitions within the application to screen so you should run it with the persist command commented out first, just to make sure you're not going to update anything you don't want to update.

{

    // retrieve the application whose contents you want to update

    JobDefinition anyJd= jcsSession.getJobDefinitionByName("NAME OF ANY JOBDEFINITION IN APPLICATION XYZ HERE");

    Application app = anyJd.getParentApplication();

    // retrieve the subject (in this case a ROLE) whose privileges you want to dictate

    Subject sub = jcsSession.getSubjectByTypeName(SubjectType.Role, "ROLE NAME HERE")

   

    // get all child JobDefinitions in the application

    for (final Iterator jobDefIterator = app.getChildJobDefinitions(); jobDefIterator.hasNext();)

    {

        JobDefinition jd = (JobDefinition) jobDefIterator.next();

       

    // exclude branched versions (i.e. non current copies of JobDefinitions)

    if (jd.isMasterVersion())

    {                   

            // print out the JobDefinitions name as a check to what you're updating

            jcsOut.println(jd.getName());

            SubjectObjectPrivilegeGrant sopg = jd.createSubjectObjectPrivilegeGrant();

            sopg.setGrantedRank("View");

            sopg.setGranteeSubject(sub);

        }

       

    }   

    //jcsSession.persist();

}