Question

Visibility of User Roles with data from Single Sign On from SAP

0

Hey everyone, the users of my application are using SAP Single-sign-on to log on. Everyone with access to the application has a dedicated role. I want to display that role in an addressbook. However, there is an XPath Constraint in the corresponding attribute allowing users to only see their own role. This XPath constraint (or rather the whole domain model) is non editable. Is there any possibility to make changes to the domain model (and respectively the constraints)? Does anybody know about a workaround? Thank you! Kind regards Jan

asked 2019-07-04

Jan Weidemüller

1 answers

Jacob Boer · Answer 1 · 2019-07-05

The security settings of the Mendix out of the box components do make sense that's why they are not meant to be changed.

A work-around could be to create your own role entity and populate either on demand or by synching it regularly…

Or as the SSO module is using the account entity you could add a calculated attribute to account, and have that filled by a microflow. Then you could add all the roles in a single string.

Note that calculated attributes do have some performance impact..

You could also setup your own role entity, associate it to account and override the createrole (and other role behavior) from the SSO module to not only create the system.role but also your own role….