How create Acees Group?

Hi,
I have this BD. The system is an extranet in which multiple unrelated companies upload documents for their clients.
I am trying to program the restrictions so that each user and each client can only see the information related to their company based on their id_user & id_company.
I am trying to create the Access Groups of users (employees) and clients. I only have the roles client and employer, since in principle we do not have departments.
He created an Access Group for users and another for customers. In users I have created the following cosntrain but doesn’t work. Should I put any value in Session Attributes?.

@firstova, @stukalov

Three days ago I posted a question about constraints. I am surprised that my question has not been deliberately answered even though my post was addressed by Natalia Firstova in support. It is striking that if the rest of the questions that are asked in this forum are answered. We pay a premium license and on your page it is guaranteed that there will always be a response. Unfortunately, your limited documentation and the almost non-existent video tutorials make it necessary to ask many questions in the forum. It seems wrong to me to be treated this way and deliberately forget to give me an answer.
On the other hand, I want to edit the post and delete the images. Currently I cannot since Natalia is the owner of my question. So please, Natalia delete the images from the post or give me control so that I can do it.
Greetings

Hi,

  1. I’m not sure how the UI of the forum looks for you and why “Natalia is the owner of my question”. The editing of posts get automatically disabled after 2 hours after creation of the post.

  2. This forum is a free support forum. It is available for all CUBA users regardless of the subscription. There is no guaranteed response time, and CUBA team members as long as community members can answer the question according to their free time and knowledge. The typical answer time is from one to several days.

If you need urgent support with guaranteed response time and confidentiality of exchangeable information, it is achievable with Commercial support option. More details are available here: Support & Services – Jmix

1 Like

Regarding your actual question.
If your data model contains relation between which User (employee) can see which Client, then you can implement your requirements with JPQL constraints.
Only one access group should be created for all restricted users. Those users who need to be restricted - should be put to the access group with this JPQL constraint.

The documentation is here: Constraints - CUBA Platform. Developer’s Manual

An example of using JPQL constraints in the forum: Group constraint at design time - #2 от пользователя albudarov

Tutorial video of using runtime access groups (old but useful) : CUBA platform — Access Groups - YouTube

If you post details of your data model (how clients are connected with users), we’ll be able to present examples of JPQL constraint clauses.

1 Like

Hi,

  1. Natalia changed the label of my question. It can be seen in the history of the post.

  2. I copy from the Free Support “We always try to answer each new question quickly but the speed heavily depends on staff availability and difficulty of the question.”

  3. Even now I still have no answer. Subsequent posts have been answered.

  4. We pay a Premium license and Free Support is a service offered within Cuba. If subsequent posts are resolved I think mine should not be deliberately cornered.

  5. I appreciate that the images are no longer visible.

Regards,

If it is still the case, then in order to help, forum users need more details, code samples, or more specific questions, or something you already have tried to do and it doesn’t work.

Our platform is multi-company. Employees and customers can only view information about their companies (id_empresa). I created the Acess Group with the constraint in JPQL and added the users. But it does not work…

Do you fill session attribute “empresa_id” somehow?
The constraint won’t work unless you specify the value of the session attribute either from code or in the Access Group → Session Attributes tab.

From your description it feels like your requirements can be satisfied by using the single-database multitenancy add-on: Multitenancy – CUBA Platform

Hi,
Captura de pantalla de 2021-07-16 16-34-54

If I fill the session attribute value with the value of “company_id”, the UUID of the company, then I need to make a group for each company. That is, 1000 groups if I have 1000 companies … This is exactly what I would like to avoid.

Session Attribute

Can Multitenancy provide a more optimal solution?

Hello Venesa,

I’m not a Haulmont employee, just a community member. But I can attest to the Multitenancy add-on that is offered in the Cuba Marketplace. I have used it in an app for multiple companies, and it works quite well. You will still have to set up a Tenant for each company. Then for each user of that company, they need be assigned to the Tenant you set up for them. After that, if memory serves correctly, each entity that you want to function under multitenancy (so they only see their own tenant’s data) needs to be defined as the multitenant type of entity, which is all included in the documentation.

I know this solution is more difficult than simply having the company_id detected and it acting accordingly as multitenancy-oriented, but to my knowledge, this is the entire reason for the Multitenancy add-on being created in the first place. It solves your issue, but it does require hands on work to set it up correctly. After it’s set up correctly, it works quite nicely.

I hope that breaks it down a bit for you.

Cheers!
Adam

@adam5sbass

Hi Adam,

Thank you very much. I appreciate that you have given me the answer to my problem. I will study multitenancy and try to implement it correctly.

Regards,
Vanesa G.

Happy to help, Vanesa.

Make sure to mark my comment as the solution so they know that it doesn’t need further action. Have a great week!

Adam