Limit all visible data entries to user's access group

I’ve read through some of the readily available documentation regarding access groups, but don’t understand it enough to accomplish what I need to do.

I need all users to only see data entries created by those within their own access group. As an example, I created two access groups (group 1, group 2) in a test scenario to get this working. I need to figure out a way to set a constraint so that the data available for viewing, editing, etc. for those within group 1 are only those entries created by users in group 1, and the same for group 2. So far, I haven’t found a simple way to set this up.

Thanks in advance for your help!

Hi @adam5sbass,
Check out the Multitenancy addon. It is probably what you need.

It is possible to implement using only access groups too. For example: You can create a constraint based on the createdBy field, joining user table and comparing the current user group (session$userGroupId) with the group of the user who created the record.

Regards.

Hello @adam5sbass

The case can be solved with CUBA Acces Groups.

Let’s suppose that we have user1 and user2.

  1. Create two groups: group1 and group2.
  2. Move user1 to group1, user2 to group2.
  3. Setup constraints for each group:

group1:

group2:

Now user1 will be able to perform CRUD operations with entities created by users from group1, and the same for user2.

Read more about constraints in our documentation: link

Regards,
Daniil

Thank you for this information! I’m testing it out now.

Thank you for this. I appreciate it! I do still have an issue, though. With the combination of using the Multi-tenancy add-on along with your example, I set up the constraint as you have listed. However, the only entries that load are ones created by the user that is logged in, not the access group they belong to. I think it has to do with the Groovy Script shown above. Is it possible I need Check Type of ‘Check in database’ so I can use a join clause to show entries from the entity where createdBy = some sort of join? I’m unable to get this part functioning correctly.

Here is what I’ve tried, but I’m getting a syntax error:

48%20PM

Thanks in advance!

I’ve changed a few things in the query. Here is the updated screen shot and error:

57%20PM

09%20PM

It might have to do with how I’m calling Tenant ID, as it’s listed in the Entity Inspector as ‘Tenant Id’. I’ve tried multiple versions of this, and still get a syntax error when testing the constraint.

Hi @adam5sbass,
If you are using the multitenancy addon, you need to configure the entities that you want to be tenant-specific (implement the HasTenant interface).

For simple constraints like yours, this is the only configuration required. The add-on automatically configures the required constraints.

Regards.

Oh, wow! This would be great. I need to figure out how to set this up.

There is a demo project.

But it is really easy. Just change your entity from extends StandardEntity to extends StandardTenantEntity (or implement HasTenant interface).

Regards.

Holy moly! This information is awesome! I just tested it in a test project, and it is automagical! Thank you so much!

1 Like