Cancel
Showing results for 
Search instead for 
Did you mean: 

TC-ACL: What is the value to enter for condition "Current Group Is"?

Siemens Creator Siemens Creator
Siemens Creator

Dear all,

I'm about to reorginize an ACL rule tree under TC11.2 and what like to use the "Current Group Is" condition which does not work for me when entering a group (parent or child) name in the related value field.

 

TC Help says following (Current Group Is):

----------------
Description

Checks the current logged-on group that is set in the session. It enables end users to configure access rules for the Sponsor group.

Note

This condition applies to the current logged-on user only. This does not apply to a given user and group that are different from the logged-on user group.

Input Arguments

true or false

----------------

 

What does the logical values mean in this context - is this a bug in the documentation?

 

Could someone please post a real-working example of this condition?

 

Thanks!

Oliver

7 REPLIES 7

Re: TC-ACL: What is the value to enter for condition "Current Group Is"?

don't think its bug, there are so many conditions which depends on more than one criterias (especially when you are working with ADA Licenses ACL)

 

As mentioned in the document this condition works along with "Is Sponsored Mode", 

so here for Current group Is condition my understanding is 

 

It will check if the user with the current Group has the ongoing TC session in Sponsor Mode?

 

Hence True or False.

 

Capture.PNG

 

Regards,

Ganesh

Re: TC-ACL: What is the value to enter for condition "Current Group Is"?

more info here...

 

Capture.PNG

Re: TC-ACL: What is the value to enter for condition "Current Group Is"?

Siemens Creator Siemens Creator
Siemens Creator

Okay, then I misinterpreted the hint to the 'Sponsor Mode' by assuming it might be considered as an option to 'Current Group Is' condition but it is rather depending on that setting.

 

Thanks for making it clear!

 

BTW, my approach was to set up a kind of role-based rule-tree, e.g.:

+-Current Group Is (GroupA) -> group_a_acl
|+-Has Class (POM_application_object)
...
+-Current Group Is (GroupB) -> group_b_acl
|+-Has Class (POM_application_object)
...

And as now understood, 'Current Group Is' is the wrong condition for it.

Do you know other OOTB ways to achive this (without using custom/dynamic ACL functions)?

 

Re: TC-ACL: What is the value to enter for condition "Current Group Is"?

There are multiple ways to implement that depending on your business scenario/need.

 

for example, if your organization has 3 object types say part, document, design.

for each of the object, you can define the condition as Has Class and then defined access for each role/role in the group

 

and if you have 3 departments/group let A, B, C which holds/create data,

you can define access based on where data belongs using has owning group condition then 

defined access for each role/role in the group.

 

also, these all conditions can be used together in case of complex/more secure needs.

 

Regards,

Ganesh

 

Re: TC-ACL: What is the value to enter for condition "Current Group Is"?

Siemens Creator Siemens Creator
Siemens Creator

Right, the first mentioned approach is the standard way which we use right now.

 

Second approach restricts the rule to the 'Owning Group' only and won't be applied actually for those groups which are not of the owning group but in our case particular groups should get access (e.g. Read) to objects which they are not owner of.

 

The idea actually was to have the rule tree structutred based on the Group/Role setting first and then defining type based rules under it. That's why I tried initially to use the 'Current Group Is' condition but it seems like this approach is not supported by TC at all.

 

But thanks for your feedback Ganesh!

Oliver

Re: TC-ACL: What is the value to enter for condition "Current Group Is"?

Okay I can understand your requirement but you won't find such condition that validates if the user is logged-in in current session with a particular group/role (at least I cant)

 

but we can choose those groups in accessor list and provide necessary access.

 

like below,

 

Capture.PNG

 

so in this way, you can select a particular class as condition, and then provide access to individual groups.

This should perform the same thing you are looking for.

 

Regards,

Ganesh

 

 

Re: TC-ACL: What is the value to enter for condition "Current Group Is"?

Siemens Creator Siemens Creator
Siemens Creator

Exactly, as I already mentioned this is the way my customer's implemented the ACL today.

 

Motivation for the other structure is to get a better overview what group/role has access to what type but at the end rule-tree structures should behave the same of course.

 

Thanks anyway,

Oliver