Is user in group?



is it possible to make a rule in a form that checks if the current user is in a specific AD group?





Best answer by BesM 11 July 2019, 12:42

View original

6 replies

Userlevel 2

Hello  @JSC,


There are some similar topics here on community about how to do that.

Please check this out:


And this too:


Advanced condition:


Should you find the above information useful kindly mark as "Accepted Solution and/or Kudo", as this will assist other community members looking for related information.




[K2 will not accept any liability for any issues arising from actions taken in respect of the information provided by any forum member]


Badge +10

Hi Johan


The easiest way is to use the SystemManagementUserManagementSmartObjectsUMUser SmartObject > Get Group Users Method in an Execute a smartobject method rule. You can then use the Current user FQN as a filter and save the output to a Form parameter.


This Form Parameter can then be used in an advances condition.


If the parameter contains a value, the user is a member. If not, they are not a member.






thanks for the links. This is how we already planned and tried to solve it but it never worked for us...I thought I am doing something wrong but I think instead it is a bug:


If we filter this results we get different results depending the group we put in.

Lets say we have two groups "group A" and "group B"
In "group A" the user "X" is a direct member and in "group B" the user "X" is meber of another group that is member in "group B" (not a direct member!)

Please Notice: for the Service Instance you have to set up "ResolveNestedGroups = True" to make this work

If you now fire the method "GetUserByGroup" for both groups you will get user "X" for both groups as a result. (the 2nd group only works after you set up the setting above)
But if you execute the method *and* filter the results (it does not matter how you filter!), the first group will still work but the "group B" will not work anymore...

Does anyone have these problems, too?




OK I found the Solution here by myself...

For you the info:
In the Service Instance there is another setting called "ReturnAllUsersInNestedGroups" and it must be set to "True" also in order to work...
(I do not understand why, maybe someone knows?)
This SmartObject is not working for us because it ignores nested groups...
is it quicker than the normal AD SmartObjects?
Userlevel 2

Hello  @JSC,


I am glad you managed to fix this and thanks for keeping us posted.