Hi, we’re having trouble to find a simple yet effective ssolution to display a form with input elements (text, radio buttons, dropdown) and setting the editability of each field depending on the assigned user roles. We have authorization roles as viewer/author for an entity and of course both roles are able to view the same pages and mostly use the same workflows (except some like saving). We found these options Set visibility of page to user role Set visibility of UI element based on user role Create a isEditable calculated attribute based on a microflow and use it in the editable condition The first idea is not sufficient as both roles are basically supposed to view the same form. The second idea would mean duplicatiing each role specific UI element or the whole form. That would leave us with duplicates and maintenance of two fields each time. The last one is feasible as we have the $currentUser object avilable to check for role assignment. Alas we are basically missing two options $currentUser or $userRoles in the expression section of the editability condition of the field a setting just like in the visibility condition of a field where user roles can be (de)selected What is your best practice in this case? Maybe we overlooked something? thanks in advance Stefan
In this case I would recommend solving this in the Domain model as much as possible. If you look at the domain model and click on an entity, go to the access rules you can set what attributes a user role can read and which it can edit (without write rights, an attribute is never editable). Next to the access rules you can also set an xPath constraint for which objects these rules are valid.
For example: You can create a userrole which can edit the data of an organisation, if the organisation_account = currentuser. You can then also create another acces rule for this user, where you set everything to read, so the user can read the information for every orhanisation.
Hpoe this helps!
Thank you Matteo,
We hadn’t had the Security level at ‘Production’
That enables the access rules/rights on property level