Hi

 

Is there a SmartObject which truly returns all the Roles that a User is a member of?

 

Scenario:

I created a new Role and then added an Active Directory Group to it (I am a member of that Group).

 

Test:

  • Under System > Management > Users folder I found the UserRole SmartObject
  • I then executed the built-in IsUserAMemberOfRole method
  • However, after entering the RoleName and my UserName, it returned false.

 

If I delete the Group and manually enter my user individually, it works fine. I suspect this method does not interrogate what Users are within the Groups in the role..?

 

Question:

Are there any other built-in SmartObjects that I should/could be using? I imagine K2 must be leveraging something behind the scenes for its own security purposes?

 

 

Thanks,

Conrad


Did you try the UMUser SmartObject? There is a method in there called 'Get Role Users' that returns the list of users in a role.


 


This sounds similar to the issue described in this KB: https://help.k2.com/kb002862. This KB is for 5.2 so you would need to install at least FP8 to get this fix. I would recommend getting the latest fix pack though.

If you are on K2 5.1, the K2 5.1 November 2018 CU should have this fix included: https://help.k2.com/kb002859. 


Hi,

 

Thanks for your responses.

 

I am running K2 Five 5.2 Fix Pack 19 and can confirm the issue occurs in this version.

 

Where would one find the UMUser SmartObject? I do not see it.

 

I am using the UserRole SmartObject based on an article stating that the IsUserMemberOfRole method should return true/false if User is in the given role.

 

 

Thanks,

Conrad


I have found a Get Roles Users method under the URM Service:

 


Good day Conrad

 

There is not a SmartObject method to execute to input a user name and give the roles that user is a part of. There exist only methods to list users and groups within a role and methods to list users in certain groups. Where there are users within a group and that group is within a specific role you will only see the specific group and not the members within. This entails that you can still receive the desired feedback but will have to execute two SmartObjects from the SmartObject Tester Tool multiple times. These methods only list one single level. You can do either of the following solutions:

 

Solution 1:
You can use the "Find User Groups" method in the UMGroup SmartObject to see a list of groups the user is a part of. Then you can use the "IsUserMemberOfRole" method in the User Role SmartObject and test every group name found in the UMGroup SmartObject to see if one of the listed groups is in the role. This will entail that the user resides in a group of which that group resides in a Role.

 

Solution 2:
Alternatively, you may use the "Find User Groups" method in the UMGroup SmartObject to see a list of groups the user is a part of. Then you can use the "Get Role Items" in the User Role Item SmartObject to see a list of items in a specific role. This entails that if one of the groups listed by the Find User Groups method appears in the listed items on the Get Role Items method the user resides in that Role.

 

You may also build a form that will execute a SmartObject and use the output of the first Smart Object for the input of the second one. Keep in mind with many users this form will take longer to load on execution.

 

Regards Jacques.
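
The two-step check from the answer above (Find User Groups, then Get Role Items), extended to follow nested groups and to report every role with the path that grants it, as an added example that is not part of the original thread or K2's own code. The dictionaries are constructed sample data standing in for SmartObject output; the function names, and the assumption that a group's parent groups can be looked up the same way as a user's, are hypothetical.

```python
from collections import deque

# Constructed sample data (not real K2 output).
# ROLE_ITEMS: role -> items as a "Get Role Items" call would list them (one level only).
ROLE_ITEMS = {
    "Finance Approvers": [("Group", "DOMAIN\\Finance"), ("User", "DOMAIN\\alice")],
    "HR Reviewers": [("Group", "DOMAIN\\HR")],
    "Auditors": [("User", "DOMAIN\\bob")],
}
# DIRECT_GROUPS: principal -> groups it is directly in, as "Find User Groups" would list.
# Assumption: the same lookup is repeated for each group to discover nesting.
DIRECT_GROUPS = {
    "DOMAIN\\conrad": ["DOMAIN\\AP Clerks"],
    "DOMAIN\\AP Clerks": ["DOMAIN\\Finance"],
    "DOMAIN\\Finance": ["DOMAIN\\AP Clerks"],  # deliberate cycle
}

def norm(name):
    """Directory names are compared case-insensitively."""
    return name.strip().lower()

def effective_groups(user, direct_groups):
    """Breadth-first walk: every group the user is in, directly or via nesting."""
    lookup = {norm(k): [norm(g) for g in v] for k, v in direct_groups.items()}
    seen, queue = set(), deque([norm(user)])
    while queue:
        for group in lookup.get(queue.popleft(), []):
            if group not in seen:  # the seen set also breaks membership cycles
                seen.add(group)
                queue.append(group)
    return seen

def roles_for_user(user, role_items, direct_groups):
    """Map each role the user holds to the role items that grant it."""
    groups = effective_groups(user, direct_groups)
    granted = {}
    for role, items in role_items.items():
        for kind, name in items:
            if kind == "User" and norm(name) == norm(user):
                granted.setdefault(role, []).append("direct")
            elif kind == "Group" and norm(name) in groups:
                granted.setdefault(role, []).append("via " + name)
    return granted

if __name__ == "__main__":
    for who in ("DOMAIN\\Conrad", "DOMAIN\\alice", "DOMAIN\\mallory"):
        print(who, roles_for_user(who, ROLE_ITEMS, DIRECT_GROUPS))
```

Recording the granting item alongside the role makes the result usable in an access review, where the group that confers the role matters as much as the role itself.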

