This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

Defining Table Permissions

Posted on 01-09-2020 03:20 PM
Daisy_Ramirez
Silver 5
Silver 5
Reply posted on --/--/---- --:-- AM

Hello, Iโ€™m looking to define my table permissions by user role and tried IFS(). Iโ€™m a role โ€œS_USR_ROLE_ADMINโ€ in the user table but itโ€™s only providing read only access. Is the expression incorrect? Is there a better way of doing this?

2X_2_29698dff8993262215686d3afa1102337e6baa00.png

0 9 597
Topic Labels
0 Likes
9 REPLIES 9

Posted on --/--/---- --:-- AM
Jonathan_S
New Member
Reply posted on --/--/---- --:-- AM

I believe the way you wrote your expression it is checking to see if Role is also equal to email.
Thats why you are getting ready only access.

Did you try to use a AND expression in your formula and have 2 separate checks?

Posted on --/--/---- --:-- AM
Steve
Platinum 4
Platinum 4
Reply posted on --/--/---- --:-- AM

ALL CHANGES and READ ONLY should be ALL_CHANGES and READ_ONLY. Note the underscores (_).

IFS(
LOOKUP(USEREMAIL(),"users","Email","Role")="S_USR_ROLE_ADMIN","ALL_CHANGES",
LOOKUP(USEREMAIL(),"users","Email","Role")="S_USR_ROLE_DISPAT","READ_ONLY"
)

Because of a quirk in the behavior of the is-equal-to operator (=), itโ€™s possible a logged-in user that isnโ€™t present in the users table or that has no Role assigned may be granted ALL_CHANGES access. When using the is-equal-to operator, itโ€™s best to put a value that can never be blank on the left side, like this:

IFS(
"S_USR_ROLE_ADMIN"=LOOKUP(USEREMAIL(),"users","Email","Role"),"ALL_CHANGES",
"S_USR_ROLE_DISPAT"=LOOKUP(USEREMAIL(),"users","Email","Role"),"READ_ONLY"
)

In general, and especially when dealing with security, itโ€™s good practice to define a default value in case none of your conditions match:

IFS(
"S_USR_ROLE_ADMIN"=LOOKUP(USEREMAIL(),"users","Email","Role"),"ALL_CHANGES",
"S_USR_ROLE_DISPAT"=LOOKUP(USEREMAIL(),"users","Email","Role"),"READ_ONLY",
TRUE,"READ_ONLY"
)

Your expression includes two identical LOOKUP() sub-expressions. LOOKUP() is expensive, so reducing its use would benefit performance. You could rewrite your expression using SWITCH():

SWITCH(
LOOKUP(USEREMAIL(),"users","Email","Role"),
"S_USR_ROLE_ADMIN","ALL_CHANGES",
"S_USR_ROLE_DISPAT","READ_ONLY",
"READ_ONLY"
)

Posted on --/--/---- --:-- AM
Suvrutt_Gurjar
Platinum 1
Platinum 1
In response to Steve
Reply posted on --/--/---- --:-- AM

An insightful response @Steve in all respects- especially for recommended use of SWITCH () for efficiency, use of default value in expressions and that catch in expression READ ONLY instead of required READ_ONLY

Posted on --/--/---- --:-- AM
Daisy_Ramirez
Silver 5
Silver 5
In response to Steve
Reply posted on --/--/---- --:-- AM

Outstanding stuff! Reviewing it closely now - thanks again Steve!

Posted on --/--/---- --:-- AM
Daisy_Ramirez
Silver 5
Silver 5
In response to Steve
Reply posted on --/--/---- --:-- AM

Worked perfectly Steve! A million thanks!

Posted on --/--/---- --:-- AM
James_Fussell1
Bronze 2
Bronze 2
In response to Steve
Reply posted on --/--/---- --:-- AM

Is it possible to have an overriding condition to allow the Switch to work? Example: The Switch only works if you belong to the Blue Group?

0 Likes

Posted on --/--/---- --:-- AM
Marc_Dillon
Platinum 1
Platinum 1
In response to James_Fussell1
Reply posted on --/--/---- --:-- AM

You mean like nesting a Switch inside of an IF expression?

IF( something = โ€œBlue Groupโ€ , SWITCH(โ€ฆ) , โ€œREAD_ONLYโ€)

Posted on --/--/---- --:-- AM
James_Fussell1
Bronze 2
Bronze 2
In response to Marc_Dillon
Reply posted on --/--/---- --:-- AM

Correct. Can you help with that?

0 Likes

Posted on --/--/---- --:-- AM
Marc_Dillon
Platinum 1
Platinum 1
In response to James_Fussell1
Reply posted on --/--/---- --:-- AM

Sure

0 Likes
Top Labels in this Space