I'm using the GroupMembersComboboxVarTag in a form. Now, I defined an user inside a group and give permissions to that group to init process instances for the process. Well, the como box are not including values. I was looking at all possible permissions but I'm not able to solve it. (with Administrator user is ok).
Please tell me what I'm missing about permissions.
Regards,
Martin.-
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
The problem was that the current actor can not list the users from group specified within var tag. I was reading the Runa documentation and followed all steps about permissions. (over time demo)
Well, I solved it finally but.... I had to update the "actor" permissions (in owner permissions) including the group "all" with "read" permission. Can you explain me why? I tought that you have to deal only with Group permissions and actors inherited all stuff. Is this a missfunctionality or I'm doing something wrong? All users are in "all" group and I included this "all" group within rest of groups with "list" permission properly.
Please, I need to get clear with this issue.
Regards,
Martin.-
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
It is necessary that current user has read permission on new user. (As a variant "all" group may has read permission on new user, and current user is a member of "all" group).
Administrator have read permissions on all created users.
Regards,
Andrei
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
It is working, but please read carefully what I described. (My example about user and groups A and B doesn't work)
Andrei told me this: "It is necessary that current user has read permission on new user. (As a variant "all" group may has read permission on new user, and current user is a member of "all" group). "
Why do I have to manage "user" owner permissions instead of "group" ones? I solved it as described by Andrei, but now I have an user that knows about all executors. I thought that I had to only deal with the owner permission of the group that is including my user. I don't know if I'm being clear.
Regards,
Martin.-
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
I'll try to explain in other words.
If you have actor A that wants to list group G
you must grunt permission list group G to actor A
or you must put actor A to other group that has permission to list group G (in this case actor will inherit group permissions).
Regards,
Vitaliy S
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Re: or you must put actor A to other group that has permission to list group G (in this case actor will inherit group permissions).
That's what I tried to describe before. I did exactly as you mentioned in your second option, but it doesn't work for me. I don't know if something further is required.
Regards,
Martin.-
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
re: I did exactly as you mentioned in your second option, but it doesn't work for me. I don't know if something further is required.
In other words you state that if you grant permission P on object O to group G
than put group G1 to group G than put Actor A to group G1 and actor A doesn't have permission P on object O?
If that's true its a bug and it would be fixed as fast as possible.
We will investigate this problem today.
Regards,
Vitaliy S
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Hello!
I'm using the GroupMembersComboboxVarTag in a form. Now, I defined an user inside a group and give permissions to that group to init process instances for the process. Well, the como box are not including values. I was looking at all possible permissions but I'm not able to solve it. (with Administrator user is ok).
Please tell me what I'm missing about permissions.
Regards,
Martin.-
Hi Vitaliy,
The problem was that the current actor can not list the users from group specified within var tag. I was reading the Runa documentation and followed all steps about permissions. (over time demo)
Well, I solved it finally but.... I had to update the "actor" permissions (in owner permissions) including the group "all" with "read" permission. Can you explain me why? I tought that you have to deal only with Group permissions and actors inherited all stuff. Is this a missfunctionality or I'm doing something wrong? All users are in "all" group and I included this "all" group within rest of groups with "list" permission properly.
Please, I need to get clear with this issue.
Regards,
Martin.-
Hi Martin,
It is necessary that current user has read permission on new user. (As a variant "all" group may has read permission on new user, and current user is a member of "all" group).
Administrator have read permissions on all created users.
Regards,
Andrei
Hi Andrei,
Re: (As a variant "all" group may has read permission on new user, and current user is a member of "all" group).
That was how I solve it. But so, this is an issue about "user against user" permission. Let me describe what I did before your suggestion.
Group A (user A defined within)
Group B (user B defined within)
A form for user B has a combo tag that must retrieve the actors from Group A.
So, I edited the group B and included in "owner permissions" the Group A (where user A is defined) with "read" and "list" permissions.
This didn't work. I thought it was a logical way to do it, and I avoid the chance that all users know the whole list of executors.
Regards,
Martin.-
Re: So, I edited the group B and included in "owner permissions" the Group A (where user A is defined) with "read" and "list" permissions
I'm sorry... exchange the previous line. :-)
Hello Martin,
From you last post I didn't understand
does it works now for you or not.
Regards,
Vitaliy S
Hi Vitaliy,
It is working, but please read carefully what I described. (My example about user and groups A and B doesn't work)
Andrei told me this: "It is necessary that current user has read permission on new user. (As a variant "all" group may has read permission on new user, and current user is a member of "all" group). "
Why do I have to manage "user" owner permissions instead of "group" ones? I solved it as described by Andrei, but now I have an user that knows about all executors. I thought that I had to only deal with the owner permission of the group that is including my user. I don't know if I'm being clear.
Regards,
Martin.-
Hello Martin,
I'll try to explain in other words.
If you have actor A that wants to list group G
you must grunt permission list group G to actor A
or you must put actor A to other group that has permission to list group G (in this case actor will inherit group permissions).
Regards,
Vitaliy S
Hello Vitaliy,
Re: or you must put actor A to other group that has permission to list group G (in this case actor will inherit group permissions).
That's what I tried to describe before. I did exactly as you mentioned in your second option, but it doesn't work for me. I don't know if something further is required.
Regards,
Martin.-
Hello Martin,
re: I did exactly as you mentioned in your second option, but it doesn't work for me. I don't know if something further is required.
In other words you state that if you grant permission P on object O to group G
than put group G1 to group G than put Actor A to group G1 and actor A doesn't have permission P on object O?
If that's true its a bug and it would be fixed as fast as possible.
We will investigate this problem today.
Regards,
Vitaliy S
Hello Vitaliy,
I'll describe the problem again (it seems it fix with your description):
Definitions:
-------------
Group A (user A defined within)
Group B (user B defined within)
a form for user B has a combo tag that must retrieve the actors from Group A.
So, I edited the group A and included in "owner permissions" the Group B (where user B is defined) with "read" and "list" permissions.
But user B can not list the users from group A (user A in this case)
Please, try to reproduce it... or tell me if my procedure was wrong.
Regards,
Martin.-
Hi Martin,
Re: tell me if my procedure was wrong
You need one more step:
- Edit user A and include in "Permission Owners" Group B (Read permission).
Without this step user B cannot "see" user A at all.
Regards,
Andrei
Thanks Andrei,
Ok, I'll do as you mention but so, the inheritance doesn't apply for this issue?
I thought that I just had to deal with Groups only. I say this because I'll have a lot of "users B" and they all will be included in a group.
Regards,
Martin.-
Hello Martin,
re: the inheritance doesn't apply for this issue?
Once again, if Group has permission on object
all it members have permission on that object.
In your case group did NOT have permission on object thats why Andrei suggests to grant this permission ;-)
Regards,
Vitaliy S