User Criteria
In SimpleOne, access to content items and categories is controlled by the system administrators. They can create user criteria records and define access conditions to any objects based on the criteria specified.
Create user criteria
Role required: admin, security_admin (for сreate-read-update-delete operations, also known as CRUD).
Users with non-administrative roles can only view user criteria created earlier.
To create a user criteria record, complete the steps below:
- Navigate to User Administration → User Criteria.
- Click New and fill in the fields.
- Click Save or Save and exit to apply the changes.
User criteria form fields
| Field | Mandatory | Description |
|---|---|---|
| Name | N | Specify the record name. |
| Roles | N | Specify roles users should match. |
| Groups | N | Specify groups users should match. |
| Users | N | Specify user records to match. |
| Advanced conditions | N | Select this checkbox to specify a more precise condition. When selected, the Conditions field appears. |
| Conditions | N | Specify a more precise condition for your criteria using the condition builder. Empty condition always returns true. This field appears when the Advanced conditions checkbox is selected. Specified conditions are applied to users from the Employee table. For users from the User table and other tables extended from it, or from the Employee table, specified conditions return false. |
| Match all roles | N | Select this checkbox if the user must have all roles specified in the Roles field to meet the criteria. |
| Match all groups | N | Select this checkbox if the user must be a member of all the groups specified in the Groups field to meet the criteria. |
| Active | N | Select this checkbox to activate the user criteria. |
| Companies | N | Specify the company the user should match. Leave this field empty if users from all companies are allowed. |
| Locations | N | Specify the location the user should match. Leave this field empty if users from all locations are allowed. |
| Department | N | Specify the divisions the user should match. Leave this field empty if users from all divisions are allowed. |
| Match all | N | Select this checkbox if all conditions in this record must be met to provide access. If the checkbox is clear, users must meet one of the criteria to gain access. As an example, consider the following user criteria record with the conditions:
If the Match all checkbox is clear, a user must meet at least one of these conditions. An employee with a location Q as well as an employee with company X can access objects. |
API usage
The SimpleUserCriteria server-side API class allows you to perform your tasks when you work with the user criteria functionality.
Use case
You need to restrict access to the service catalog so that only certain users can access and manage it: users of the Content managers group from Moscow, Russia.
To do so, create a user criteria record and set the conditions.
- Navigate to User Administration → User Criteria.
- Click New and fill in the fields:
| Field | Value |
|---|---|
| Name | Criteria for Service Catalog |
| Groups | content_manager |
| Location | Moscow, Russia |
- Navigate to System Secutiry → Access Control (ACL).
- In the Table field, select Service Catalog.
- Fill the script with the following SimpleUserCriteria() method – userAcceptanceByCriteria(user, criteria).
const uc = new SimpleUserCriteria();
ss.info(uc.userAcceptanceByCriteria(ss.getUserID(), '158617888715304763'));
// Info: true