Why can’t a non-Admin user see reservable spaces in organization?


We have some reservable spaces with system geography and system organization settings. A non-Admin user also has the same geography settings. There are security groups for reservations, and organizations and geography security groups are assigned to him. The geo and org security groups have the same geo and org as the space and profile. But the non-Admin user still isn’t able to see spaces.

He is only able to see them when the first level of the org hierarchy is provided in the group (i.e. \Organization). But as soon as the second level is given in the group, he isn’t able to see them. Can anyone help me on this? I think there is some issue in the org, but I don’t know exactly where it is.

[Admin: To see other related posts, use the Geography tag or Organizations tag.]

Continue reading

Advertisements

Why do queries that are expected to display data show nothing?


When running queries against records within the application, expected record results are not displayed. Why do queries that are expected to display data show nothing at all?

Within the application, we have a variety of different settings that can restrict a user’s access to record data. The user’s Security Group can restrict access to records at the module and BO level, but each use case is slightly different. 

Within every user-facing record, on the System tab, there are fields for System Organization, System Location and System Geography. These values operate in conjunction with similar fields on the Security Group and the User’s People record to allow and restrict access to records. 

The key is that as soon as the user is given a defined Organization, Location, and Geography, the fields on the System tab of their People record are populated. Once that happens, each record they create will be seeded with that information as well. So far, all is well and good, but those users who lack similar settings are now unable to see those newly created records, unless their System fields are the same as or located at a higher point in the hierarchy.

Another area to consider is the Security Group settings for Organization and Geography. If a user has no values set on their People record, the application can still restrict access by using the Security Group values. This can cause a problem as the Organization and Geography Security is defaulted to null in the as-shipped application. This essentially gives the security code no starting point for determining access and will not display records.

To recap, if the record data does not align with the data in the user’s People record, or the data in the user’s Security Group, the record will not be displayed. As mentioned, there are a couple of things to look for. As an Admin user, compare the user’s record data with the record that should be displayed, and correct any misaligned data. Also, in the Security Group, set the Organization and Geography to the root of each hierarchy by default. For additional details, please review the following TRIRIGA wiki article: Security Overview.

Continue reading

IV97599: “Grant Security Access” workflow does not filter properly


The “Grant Security Access – MASSUPDATE” workflow does not filter the groups and licenses correctly, because various tasks in this workflow are not set correctly.

The “Update Records” action on the Grant Security Access form was creating a duplicate of Groups/Licenses on People and My Profile records if the Groups/Licenses selected were the same as the ones added on People and My Profile. Moving forward, we resolved the issue by modifying the workflow “Grant Security Access – MASSUPDATE” to not create any duplicate Groups/Licenses if they are already added to People and My Profile. We also fixed another issue, to create new Groups if the “Clear Existing Security?” check box is checked.

[Admin: To see other related posts, use the Groups tag or License tag.]

Continue reading

How do you add or remove access to the “Form” action of a report?


I’d like to grant or revoke the access to the “Form” button of a report according to the security group of users. But I haven’t find any options related to this button in the Security Manager.

If you can find the action in the business object when it is selected in Security Manager, then you can control it there. If you cannot find the action, you will not be able to manage it there. Some objects are system objects and cannot be modified. This may be one of them.

[Admin: To see other related posts, use the Security Manager tag.]

Continue reading

IV97700: Security group blocks calendar reservation information


We have a problem when we open a reservation from the calendar. It seems that when the user has a primary organization and he opens a reservation from My Calendar, the reservation window is opened, but it doesn’t show any information. However, if the user doesn’t have a primary organization, the reservation window is opened and it shows the information correctly.

When dealing with an organization, geography, and project security, you should use the user’s groups, not override groups. In Reserve, My Calendar, a user with an organization or geography is unable to open a reservation that was created. The security was not using the organizations or geographies from the user’s profile (groups) when determining the user’s access. Instead, it was using the overridden Reserve security group.

[Admin: To see other related posts, use the Reservation tag.]

Continue reading

How do you report a triProperty with more than one triBuilding?


I have a few questions from our customer about TRIRIGA reports:

  • Question 1: We want to create a report to show the triProperty which has more than one triBuilding as children. By using an association filter, we can only show the triProperty which has at least one triBuilding. By using a summary report, we can group by triProperty to show the number of triBuilding it has, but we can’t add another criterion based on the “Number” column. So, both two solutions above don’t work.
  • Question 2: How can we do something like a “left join” in a multiple-BO report? We have noticed that the behavior of multiple BOs in a report acts more like an “inner join” query. The filter based on the secondary BO will also impact the primary BO result. Do you know any way to get a “left join” result in TRIRIGA?
  • Question 3: How can we share a list of reports with users who are members of a specified security group? Our customer doesn’t want to grant the access of the “My Report” application for those groups, and they would like a solution that is more dynamic than adding those reports into the portal of the user. I don’t know if there is way to do this. Can the Admin user define a favorite list for the end users?

[Admin: To see other related posts, use the Reports tag or My Reports tag.]

Continue reading

Is there a way to set up parallel or peer approvals for a group?


We have a requirement to approve a record if anyone (not everyone) from the list approves it. For example, the approval requirement for contracts contains two users, A and B. If user A approves a contract, then it gets approved without user B. And vice versa, if user B approves it first, then user A is skipped. Can we do this?

Recently, I had an opportunity to test this, specifically, two users at level 1 and two users at level 2, etc. After speaking with the development team, each user at each level must approve the record. This is working as designed. There is no plan to change that behavior at this time. I believe that there is an open RFE to request the functionality in a future release. I suggest either opening an RFE or voting for the existing RFE if you need that functionality.

[Admin: This post is related to the 10.21.15 post about group approvals. To see other related posts, use the Approvals tag.]

Continue reading