Skip to main content
Nintex Community Menu Bar

Sup everyone,

 

Can we talk about Form access via the GetOrganizationalUnitUsers method?

 

At present i use form security and tend to use GetUsersbygroup to distinguish who should access the form.

 

However, i have an instance, where i need to allow access to any users in an Active Directory OU including any OUs underneath it.

 

Any ideas how i can do this? I've tried using the tester tool and in the GetOrganizationalUnitName putting the path like OU=Mydept, DC=domain, dc=com for example. In the filter i put in the AD Name field, but i'm not getting anything back.

 

Any ideas how to get this working?

Sharpharp,

 How many sub OUs are there? Is the group where access is limited small? Have you tried Get Users by Primary OU or by Domain? I am not sure how your Active Directory environment is structured. 

 

You might be able to use the "Initialized" Method to pass the OU to a parameter and do some kind of advanced rule to compare the parameter with a list of OUs or something to that nature. Without knowing anything about the scope and size of the security in the form it is hard to pin point a good way to accomplish this.

 

Here is what we do. Most of our forms are open to the company so anyone can submit. Since the other states are usually restricted to certain approvers or groups of approvers we create an administrative form. Among the the lists in this form we have a list called "User Roles". It is two columns. Username and Role. The owner of the process controls this list. 

 

We have a parameter called roles. When the form initializes we have a rule that compares the name of the user logged into the form and compares it to the user roles list. If the name is on the list and the role in the user roles list is equal to the role for that state then continue with rule execution.

 

Else show an error view. ACCESS DENIED.

 

I am not sure if this is anywhere close to what you are trying to accomplish but maybe it will help.

 

Thanks,

Bryan Peters


Sup Bryan,

 

I had a chat with k2 yesterday about this and we disocvered that the GetOrganizationalUnitUsers is rather limited....

 

There is no point in wasting your time put in the full context in the OU input box, i.e. DC=Superman,OU=Marvel,OU=Comics as that simply doesn't cut the mustard.

 

Our structure is like this:

 

staff (this is a parent OU and has nothing in it except Sub OUs

 -- users (bulk of the staff)

 -- temps

 -- other staff

 

We all have AD groups like allstaff, but would only have the "users" ou in it for instance.

This has worked for me using Getusersbygroup in the past, but now we need to include other users from the sub OUs as well.

 

But i was hoping (and praying) that the GetOrganizationalUnitUsers would do me right, but sadly it does not work with nested OUs (sheds a tear).

So we put in the staff OU initially. Result = Nill, nothing, Nada

Then we put in the users Ou = bingo, a result

 

So this method only works with a single OU and nothing underneath it. We did dabble with putting in multiple GetOrganizationalUnitUsers method using asynchronous lookup, but i've yet to see how much of a hit the form load delay is...

 

Thanks


Reply