Option 1 - xPath on reference selector
You want to select all users which don't have a userrole that don't belong to the grantable roles of the currentuser. And that's possible by XPath (not tested):
not(System.UserRoles/System.UserRole[not(System.grantableRoles[reversed()]/System.UserRole/System.UserRoles = '[%CurrentUser%]')])]
That's probably the behavior you want. The problem with "selecting user with the exact same roles" is that a Manager can't select a Employee. By using grantable roles a Manager can select user with the roles [Manager] or [Manager, Employee] or just [Employee].
Make sure you set the grantable roles correctly in the project security and then this should work.
Option 2 - datasource microflow
You can also add just one attribute: "amountOfRoles" and set it before commit with a count of the userroles. Then use this on the Account retrieve:
[not(System.UserRoles/System.UserRole[not(System.UserRoles = '[%CurrentUser%]')])][amountOfRoles = $account/amountOfRoles]
Note that I use $account and not $currentUser. So retrieve Account from database where id = $currentUser.
Another approach - I have attached a picture of a microflow that may do the trick.
Similar to Herbert's 2nd solution I used the following xpath in a retrieve action from Account:
[id!=$Account] [System.UserRoles/System.UserRole[System.UserRoles=$Account]] [not(System.UserRoles/System.UserRole[not(System.UserRoles=$Account)])]
And then in the microflow loop over the resulting AccountList to remove Accounts with a different number of UserRoles. Herbert's storing of this amount could help performance by including it in the xpath.
Off course this asumes users with exact the same role list.
Unfortunately you can't edit the System module, so for my suggestion to work you would need to create a 'shadow' entity for the UserRole in your own module...
If you add an integer field to UserRole, and give each role a value,1, 2, 4, 8, 16, 32, 64 etc, then on your account object, sum these integers for the roles of the user, that will give you a unique number representing the combination of that user's roles.
To find someone with the same permissions, you would then just need to look for someone with the same 'total' as you
Hi Bas, here are some images to explain a little. Domain with new entity liniked to UserRole:
For each Permission Role (you are right, created in the Modeler) that you want to track, create an entry in the UserRole Rating form:
The using a Before Commit microflow on the Account object, set the total roles score for the account:
After that you can easily find users with matching roles just by searching for accounts with the same total score. Here is a link to a sample project with this implemented: Newproject.mpk (I had to zip it again to get it to download)
This is the microflow I came up with:
I retrieve the user role of the current user. For each role I retrieve all persons with that role. Then I intersect all these list to find the persons that are on all the lists. It's the fastest I found. I do like David's sollution but has the disadvantage of creating shadow entities.
I still think it should be possible with only xpath though.