You are viewing limited content. For full access, please sign in.

Question

Question

Help applying repo access rights to Laserfiche Forms team members

Workflow Laserfiche Forms
Updated March 4
asked on January 29 Show version history

I have a Laserfiche Forms business process where tasks are assigned to a Laserfiche Team.  Template files are then copied to a repo folder through workflow so they can edit, but the individual team members can't view the files as they don't have access rights to the folder or files.

I can't find how to apply repo access rights to Forms Team members in Workflow.

You can apply rights to an individual user account through the Assign Rights action, so I started down the rabbit hole of trying to obtain every member of the team through SQL and then run a For Each to apply access rights to the individual.  The only problem is my SQL query keeps returning users that are not part of the team and I'm not sure why.

DECLARE @teamName VARCHAR(100);
SET @teamName = 'My Team Name';

SELECT
	 t.name AS teamname
	,t.id AS teamid
	,u.username
	,u.user_id AS username_id
	,u.displayname
	,u.email	
	,tm.leave_date

FROM [LF_FORMS].[dbo].[cf_users] AS u  --user table

INNER JOIN [LF_FORMS].[dbo].[team_members] AS tm  --team membership one-to-many table
	ON tm.[user_group_id] = u.[user_id]
	AND tm.leave_date IS NULL  --check to see if user has left the team
	AND u.is_activated = '1'   --check to see if user has active account

INNER JOIN [LF_FORMS].[dbo].[teams] AS t  --team table
	ON t.id = tm.team_id

WHERE t.name = @teamName

Has anyone else already solved this with a better method?  If not, is there a suggestion to retool my SQL query to properly obtain team members?

 

Thank you!

0 0

Answer

SELECTED ANSWER
replied on January 30

You can use an AD group which populates your Forms team as well as your Repository Group.

1 0

Replies

replied on January 29

I usually set repository access separately.  You could setup Repository Groups that match your Forms teams and pre-build out your repository structure with the access the group needs.  Then when you save your forms process to the repository use the structure you've already created.

2 0
replied on January 30

Thank you Craig, this is a much simpler way to do access rights - and I don't have to fight with SQL that's not working like it should.  I will give this a try!

1 0
replied on January 30

Hi Craig, I started doing as you suggested to create a Repository Group name that matched the Forms Team Name.  This makes sense and is easy to assign folder rights to a Repository Group - but the next question is membership. 

The Laserfiche Forms Team has members, but the Repository Group does not (yet).  If I manually populate the Repository Group members with the same Team Members, but someone leaves the Laserfiche Forms Team, that permission would still remain for the Repository Group.

In your setup, how do you keep the membership the same for a Laserfiche Forms Team and a Repository Group?  Do you do that manually or do you have a workflow to accomplish this?

0 0
SELECTED ANSWER
replied on January 30

You can use an AD group which populates your Forms team as well as your Repository Group.

1 0
replied on January 31 Show version history

In case this thread is found in the future, I did fix the SQL query to properly pull Team members.  However, I really like Craig's simple solution, so I'm going to use it instead.

Thank you!

-- Desired output is a list of users and groups for a specific team name
DECLARE @teamName VARCHAR(100);
SET @teamName = 'My Team Name';

SELECT
     t.name AS teamname
    ,t.id AS teamid
    ,COALESCE(u.username, gp.full_group_name) AS name -- If it's a user, use username; otherwise, use group name
    ,COALESCE(u.user_id, gp.group_id) AS entity_id -- Get the correct ID for both users and groups
    ,u.displayname
    ,u.email    
    ,tm.leave_date
    ,CASE 
        WHEN u.user_id IS NOT NULL THEN 'User' 
        WHEN gp.group_id IS NOT NULL THEN 'Group' 
        ELSE 'Unknown' 
     END AS entity_type -- Helps identify whether it's a user or a group
    ,gp.group_type

FROM [LF_FORMS].[dbo].[team_members] AS tm  -- team membership one-to-many table

INNER JOIN [LF_FORMS].[dbo].[teams] AS t  -- team table
    ON t.id = tm.team_id
    AND tm.leave_date IS NULL  -- check to see if user/group has left the team

-- LEFT JOIN to users (when tm.type = 0)
LEFT JOIN [LF_FORMS].[dbo].[cf_users] AS u
    ON tm.user_group_id = u.user_id
    AND tm.type = 0 -- only return user objects, not groups
    AND u.is_activated = '1'   -- check to see if user has an active account

-- LEFT JOIN to groups (when tm.type = 1)
LEFT JOIN [LF_FORMS].[dbo].[cf_usergroups] AS gp
    ON tm.user_group_id = gp.group_id
    AND tm.type = 1 -- only return group objects, not users

WHERE t.name = @teamName;

 

2 0
replied on March 4 Show version history

The use case I'm looking at is a Customer Portal for Invoices, where the customers will on board their own users. The new V12 workflow tasks are great for the Directory Service and Repository set up, but there is no clear path to automatically granting Forms permissions.

Basically, we are going in the opposite direction, Repo user => Forms permissions.

The goal is to provide a high level of self service, as the external group is quite large and will change frequently.

Your SQL is well done and shows a lot of the Forms DB structure.  If we find a way to add a user to a Team, I'll post the update.

0 0
You are not allowed to follow up in this post.

Sign in to reply to this post.

Details
Related Posts
Loading ...