Note: The following script examples were created as part of demonstrating Parametric Roles in combination with a Windows Security AD.
In the first screenshot, the Default script (clicking the Default button) has been inserted (the line with replace_roles: null has been removed).
Furthermore, a 'Test login with current Windows user' has been activated. The latter produces several userClaims and userClaimsAD keys and values. These keys and their values are exactly what can be extremely useful when working with Parametric Roles.
Script example #1: Fixed startup Document
function(userClaims, userClaimsAD) {
return {
roles: {
startup_view: "vfs://Global/Training/Simple Revenue Analysis.xview"
}
};
}
Script example #2: Fixed role Name
function(userClaims, userClaimsAD) {
return {
roles: {
name: "ParametricRole01",
startup_view: "vfs://Global/Training/Simple Revenue Analysis.xview"
}
};
}
Script example #3: Parametric role Name
This is the first example where values from the userClaimsAd (GivenName and Surname) are used to build something unique to the logged in user.
function(userClaims, userClaimsAD) {
return {
roles: {
name: userClaimsAD["GivenName"] + " " + userClaimsAD["Surname"] + " - Personal Role",
startup_view: "vfs://Global/Training/Simple Revenue Analysis.xview"
}
};
}
When this script is run, and the 'Look up user permissions' button is clicked, you can see that the values are now used to provide a named role (in addition to the Full Access role):
Script example #4: Parametric Forced Criteria
In this example, we will set up a forced criteria for the Country attribute in the Customer dimension. The Country value is picked from the Description userClaimsAD.
function(userClaims, userClaimsAD) {
return {
roles: {
name: userClaimsAD["GivenName"] + " " + userClaimsAD["Surname"] + " - Personal Role",
startup_view: "vfs://Global/Training/Simple Revenue Analysis.xview",
forcedcriteria: {"[TARGIT Online Demodata].[Sales].[Customer Country].[Customer Country]":["[Customer.Country].&["+userClaimsAD["Description"]+"]"]}
}
};
}
After the script is run, clicking the 'Look up user permissions' button will result in this:
Example with multiple Forced Criteria in play:
function(userClaims, userClaimsAD) {
return {
roles: {
name: userClaimsAD["GivenName"] + " " + userClaimsAD["Surname"] + " - Personal Role",
startup_view: "vfs://Global/Training/Simple Revenue Analysis.xview",
forcedcriteria: {
"[TARGIT Online Demodata].[Sales].[Customer Country].[Customer Country]":["[Customer.Country].&["+userClaimsAD["Description"]+"]"],
"[TARGIT Online Demodata].[Sales].[Company].[Company]":["[Company].&["+userClaimsAD["Department"]+"]"],
"[TARGIT Online Demodata].[Sales].[Manager].[Manager]":["[Manager].&["+userClaimsAD["EmployeeID"]+"]"]
}
}
};
}
Script example #5: Conditional user check
In this example, the user login is checked before applying the parametric Startup document, Forced criteria etc. If the user does not match the condition, the script will return no role changes.
function(userClaims, userClaimsAD) {
if (userClaimsAD["EmailAddress"] != "od@targit.com") {return { };}
return {
roles: {
name: userClaimsAD["GivenName"] + " " + userClaimsAD["Surname"] + " - Personal Role",
startup_view: "vfs://Global/Training/Simple Revenue Analysis.xview",
forcedcriteria: {"[TARGIT Online Demodata].[Sales].[Customer Country].[Customer Country]":["[Customer.Country].&["+userClaimsAD["Description"]+"]"]}
}
};
}
Comments
Please sign in to leave a comment.