Dynamic Roles with PeopleCode Rule
Dynamic roles can be assigned using query rules, PeopleCode rules or directory rules.
Using PeopleCode rules allows you to use more flexible logic as you have the full power of PeopleCode to work with. This article gives an example of how it is done.
The steps are:
- Create the role and set the PeopleCode rule flag in the dynamic members tab
- Create a PeopleCode function that assigns the dynamic role using the
Setting up the Role
Where you can add your new role. Configure your role appropriately, and add the relevant permission lists.
Dynamic Members tab, check the PeopleCode Rule Enabled check box. Then enter the Record, Field Name, Event and Function name of the PeopleCode function that will be assigning the dynamic role. Here's an example of how this might look:
Assigining the role with PeopleCode
Now you can create the PeopleCode to assign the dynamic role to the
%RoleDynamicMembers system array. In this example, I use a SQL object that returns a list of operator IDs which are then pushed in the
%RoleDynamicMembers array one at a time.
Function AssignExampleRole() Local string &sOprid; Local SQL &sqlGET_EXAMPLE_USERS; &sqlGET_EXAMPLE_USERS = GetSQL(SQL.GET_EXAMPLE_USERS); While &sqlGET_EXAMPLE_USERS.Fetch(&sOprid) %RoleDynamicMembers.Push(&sOprid); End-While; End-Function;
The logic to get your users lives in your SQL definition. All your SQL needs to return is a list of operator IDs. For example it could be as simple as the example below, which finds all users with a description starting with Smith.
SELECT OPRID FROM %Table(PSOPRDEFN) WHERE OPRDEFNDESC %Like('Smith')
If you need to do any pre-processing, you can do that in the while loop before pushing the operator ID to the
You can test your rule in the dynamic members page using the
Test Rule(s) button. Note that this may fail if your working on a large set of operator IDs. Use the
Execute Rule(s) button on the dynamic members page to assign the role using your new role.