OpenID Parametric Roles Script Examples

Note: The following script examples were created as part of demonstrating Parametric Roles in combination with a Windows Security AD.

In the first screenshot, the Default script (clicking the Default button) has been inserted (the line with replace_roles: null has been removed).

Furthermore, a 'Test login with current Windows user' has been activated. The latter produces several userClaims and userClaimsAD keys and values. These keys and their values are exactly what can be extremely useful when working with Parametric Roles. 

mceclip0.png

 

Script example #1: Fixed startup Document

function(userClaims, userClaimsAD) {
return {
roles: {
startup_view: "vfs://Global/Training/Simple Revenue Analysis.xview"
}
};
}

 

Script example #2: Fixed role Name

function(userClaims, userClaimsAD) {
return {
roles: {
name: "ParametricRole01",
startup_view: "vfs://Global/Training/Simple Revenue Analysis.xview"
}
};
}

 

Script example #3: Parametric role Name

This is the first example where values from the userClaimsAd (GivenName and Surname) are used to build something unique to the logged in user.

function(userClaims, userClaimsAD) {
return {
roles: {
name: userClaimsAD["GivenName"] + " " + userClaimsAD["Surname"] + " - Personal Role",
startup_view: "vfs://Global/Training/Simple Revenue Analysis.xview"
}
};
}

When this script is run, and the 'Look up user permissions' button is clicked, you can see that the values are now used to provide a named role (in addition to the Full Access role):

mceclip1.png

 

Script example #4: Parametric Forced Criteria

In this example, we will set up a forced criteria for the Country attribute in the Customer dimension. The Country value is picked from the Description userClaimsAD.

function(userClaims, userClaimsAD) {
return {
roles: {
name: userClaimsAD["GivenName"] + " " + userClaimsAD["Surname"] + " - Personal Role",
startup_view: "vfs://Global/Training/Simple Revenue Analysis.xview",
forcedcriteria: {"[TARGIT Online Demodata].[Sales].[Customer Country].[Customer Country]":["[Customer.Country].&["+userClaimsAD["Description"]+"]"]}
}
};
}

After the script is run, clicking the 'Look up user permissions' button will result in this:

mceclip2.png

Example with multiple Forced Criteria in play:

function(userClaims, userClaimsAD) {
return {
roles: {
name: userClaimsAD["GivenName"] + " " + userClaimsAD["Surname"] + " - Personal Role",
startup_view: "vfs://Global/Training/Simple Revenue Analysis.xview",
forcedcriteria: {
"[TARGIT Online Demodata].[Sales].[Customer Country].[Customer Country]":["[Customer.Country].&["+userClaimsAD["Description"]+"]"],
"[TARGIT Online Demodata].[Sales].[Company].[Company]":["[Company].&["+userClaimsAD["Department"]+"]"],
 "[TARGIT Online Demodata].[Sales].[Manager].[Manager]":["[Manager].&["+userClaimsAD["EmployeeID"]+"]"]
}
}
};
}

 

Script example #5: Conditional user check

In this example, the user login is checked before applying the parametric Startup document, Forced criteria etc. If the user does not match the condition, the script will return no role changes.

function(userClaims, userClaimsAD) {
if (userClaimsAD["EmailAddress"] != "od@targit.com") {return { };}
return {
roles: {
name: userClaimsAD["GivenName"] + " " + userClaimsAD["Surname"] + " - Personal Role",
startup_view: "vfs://Global/Training/Simple Revenue Analysis.xview",
forcedcriteria: {"[TARGIT Online Demodata].[Sales].[Customer Country].[Customer Country]":["[Customer.Country].&["+userClaimsAD["Description"]+"]"]}
}
};
}

 

Was this article helpful?
0 out of 0 found this helpful

Comments

0 comments

Please sign in to leave a comment.