Filtering option list values based on security in UCM
By Kyle Hatlestad on Dec 20, 2010
Fellow UCM blog writer John Sim recently posted a comment asking about filtering values based on the user’s security. I had never dug into that detail before, but thought I would take a look. It ended up being tricker then I originally thought and required a bit of insider knowledge, so I thought I would share.
- The first step is to create the option list table in Configuration Manager. You want to define the column for the option list value and any other columns desired. You then want to have a column which will store the security attribute to apply to the option list value. In this example, we’ll name the column ‘dGroupName’.
- Next step is to create a View based on the new table. For the Internal and Visible column, you can select the option list column name. Then click on the Security tab, uncheck the ‘Publish view data’ checkbox and select the ‘Use standard document security’ radio button.
- Click on the ‘Edit Values…’ button and add the values for the option list. In the dGroupName field, enter the Security Group (or Account if you use Accounts for security) to apply to that value.
- Create the custom metadata field and apply the View just created.
- The next step requires file system access to the server. Open the file [ucm directory]\data\schema\views\[view name].hda in a text editor. Below the line ‘@Properties LocalData’, add the line:schSecurityImplementorColumnMap=dGroupName:dSecurityGroupThe ‘dGroupName’ value designates the column in the table which stores the security value. ‘dSecurityGroup’ indicates the type of security to check against. It would be ‘dDocAccount’ if using Accounts.
Save the file and restart UCM.
Now when a user goes to the check-in page, they will only see the options for which they have read and write privileges to the associated Security Group. And on the Search page, they will see the options for which they have just read access.
One thing to note is if a value that a user normally can’t view on Check-in or Search is applied to a document, but the document is viewable by the user, the user will be able to see the value on the Content Information screen.