MK-R-J If anyone has any suggestions, I'd be grateful. I'll list my questions at the end.

Background
I'm currently building an application for responding to inquiries, and I've created the following roles. The role configuration determines execution permissions and the visibility of cases by case owner.

Environment: Engine/Portal 12.0.7

Tables
Category: User Area / Support Contact
/////////////////////////////////////////////////
A-App: a-Users (Role) / a-SupportMembers (Role)
B-App: b-Users (Role) / b-SupportMembers (Role)
・・・・

Role Configuration
User_all (Process Execution Permission)
  L a-Users (Category A-App Query Permission / Case Visibility Specified by Case Owner)
  L b-Users (Category B-App Query Permission / Case Visibility Specified by Case Owner)

Flow
1) User-AAA, included in a-Users, makes a query.
2) A response task is assigned to a-SupportMembers, and User-BBB, who plays that role, responds.
3) The requester, User-AAA, confirms the response.

Other Conditions
I want a-Users cases to be visible to all a-Users, but not to other roles such as b-Users. I want b-Users cases to be similarly handled.

Question
It's a pain to have to edit Role.xml every time, so it would be even better if I could import a separate file (e.g., an Excel file). As the number of apps increases, it becomes a pain to register permissions and roles one by one in the Engine, so I'm wondering if it's possible to centrally configure role settings for each app. Is it possible to configure roles/permissions for the Engine from within the App process? I may have missed the API documentation.
Lukas Lieb Yes, you can create roles and users per API and also control its permissions.

https://developer.axonivy.com/doc/12.0/en/public-api/ch/ivyteam/ivy/security/role/IRoleRepository.html
Ivy.security().roles().create() or in ivy script ivy.security.roles().create()

https://developer.axonivy.com/doc/12.0/en/public-api/ch/ivyteam/ivy/security/user/IUserRepository.html
Ivy.security().users().create() or in ivy script ivy.security.users().create()

https://developer.axonivy.com/doc/12.0/en/public-api/ch/ivyteam/ivy/security/IUser.html
user.addRole(role)

https://developer.axonivy.com/doc/12.0/en/public-api/ch/ivyteam/ivy/security/ISecurityContext.html
https://developer.axonivy.com/doc/12.0/en/public-api/ch/ivyteam/ivy/security/ISecurityDescriptor.html

    ISecurityContext context = ISecurityContext.current();
    ISecurityDescriptor descriptor = context.securityDescriptor();
    IPermission permission = descriptor.getPermissions().get(0); // search for your wanted permissions
    descriptor.grantPermission(permission, role /* or user */);
MK-R-J Dear Lukas Lieb, Thank you for your reply! I understand that an Axonivy app can create the roles and users by IvyScript. I'll check your URLs and API documents. By the way, can I import the Role.xml file like the Variables in app.yaml?
Lukas Lieb Currently, the roles.xml file cannot be included in the app.yaml. This has a simple reason, that the lifecycle of these files is not the same. All the configuration in the app.yaml file is dynamic and can be updated. Roles live in the system database and are only read from the roles.xml during deployment.
MK-R-J Lukas Lieb Thanks!!! I understand from your reply that the role.xml file cannot be external. Thanks a lot!
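
Added example (not part of the thread and not Axon Ivy code): when roles and permissions are provisioned from a spreadsheet export through the API calls in Lukas Lieb's answer, the file itself becomes a way to grant access, so each row should be checked before it is applied. The sketch rejects rows that would give an a-App role a B-App permission and applies the rest idempotently. `RoleDirectory` is a hypothetical adapter you would back with `roles().create(...)` and `descriptor.grantPermission(...)`; the permission names and the `a-`/`A-App` naming rule are assumptions taken from the layout in the question. Requires Java 16+.

```java
import java.util.*;

public class RolePlanImport {
    // Hypothetical adapter, not an Axon Ivy type. On the engine it would wrap the calls
    // from the answer above: roles().create(...) and descriptor.grantPermission(...).
    interface RoleDirectory {
        boolean exists(String role);
        void create(String role, String parent);
        void grant(String role, String permission);
    }

    // One spreadsheet row: app, role, parent role, permission (all names constructed).
    record Row(String app, String role, String parent, String permission) {}

    // Applies valid rows idempotently and returns the rejected ones with a reason.
    static List<String> apply(List<Row> rows, RoleDirectory dir) {
        List<String> rejected = new ArrayList<>();
        for (Row r : rows) {
            String app = r.app();  // assumed convention: A-App owns roles named "a-..."
            if (app.isEmpty() || !r.role().startsWith(app.substring(0, 1).toLowerCase() + "-")) {
                rejected.add(r.role() + ": role does not belong to " + app);
            } else if (!r.permission().startsWith(app + ".")) {
                rejected.add(r.role() + ": cross-app permission " + r.permission());
            } else if (!"User_all".equals(r.parent())) {
                rejected.add(r.role() + ": unexpected parent " + r.parent());
            } else {
                if (!dir.exists(r.role())) dir.create(r.role(), r.parent());
                dir.grant(r.role(), r.permission());
            }
        }
        return rejected;
    }

    public static void main(String[] args) {
        Map<String, Set<String>> grants = new TreeMap<>();  // in-memory stand-in for the engine
        RoleDirectory dir = new RoleDirectory() {
            public boolean exists(String role) { return grants.containsKey(role); }
            public void create(String role, String parent) { grants.put(role, new TreeSet<>()); }
            public void grant(String role, String permission) { grants.get(role).add(permission); }
        };
        List<Row> rows = List.of(  // constructed sample rows
            new Row("A-App", "a-Users", "User_all", "A-App.Query"),
            new Row("B-App", "b-Users", "User_all", "B-App.Query"),
            new Row("A-App", "a-Users", "User_all", "B-App.Query"),   // would expose B-App cases to a-Users
            new Row("A-App", "a-Users", "User_all", "A-App.Query"));  // repeated row: role is not recreated
        System.out.println("rejected: " + apply(rows, dir));
        System.out.println("granted:  " + grants);
    }
}
```

Because roles are stored in the system database, a process that applies such a plan can run more than once against existing roles, which is why the sketch checks `exists` before `create`.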