• Skip to main content
  • Skip to primary sidebar
  • Home
  • Connect
  • Contact
  • About Us

BareFoot PeopleSoft

Oracle PeopleSoft Tips and Tricks

Tip 043: IsUserInRole Function

March 21, 2018

PeopleCode | Using the IsUserInRole Function to check user security

<< Previous  | Next >>

A. Multiple Uses

Some PeopleSoft pages are developed with multiple types of users in mind. For instance, you may have a basic version of the page available in display-only mode, but still allow certain users to update key information on the page. Access to the extended functionality is usually controlled by PeopleCode, but unfortunately this type of code is all too common:

If %OperatorID = "JENNY"
Or %OperatorID = "RAHUL" Then
   &user_has_access = True;
End-If;

It goes without saying that this would be a nightmare to maintain. The code usually gets forgotten about entirely until a new user comes along and discovers she can’t complete a key job task. Her Operator ID has not been hard-coded into the PeopleCode.

 

B. Role Playing

Instead of hard-coding in this situation, a better option is to create a Security Role, as you normally would in PeopleSoft security. The Role can then be attached to any user who needs access to the extended functionality. It’s also an easy task to add new users to the Role, or remove existing users. Better still, a developer is not required for this task.

To define which role is applicable for a certain level of access, you could again resort to hard-coding, similar to the example above (replacing the Operator ID with a Role name). However, a better approach is to set up the Role Name field on a config page, accessible by a super-user. If you prefer, you can even set up the Role Name in a grid, allowing more than one more Role to be configured for the extended functionality:

 

C. The Final Act

With the Role Name set, a very simple piece of PeopleCode can now handle the requirement, thanks to the ‘IsUserInRole’ function:

If IsUserInRole(&ValidRole_Rec.ROLENAME.Value) Then
   &user_has_access = True;
End-If;

‘&ValidRole_Rec’ must be set to the configuration record containing the authorised role. If multiple Roles are possible, then a loop should be created, setting the ‘&ValidRole_Rec’ object equal to each role in turn.

 

See Also:

Tip058: Creating and Sending Email

<< Previous  | Next >>

Filed Under: PeopleCode Tagged With: Role, Security

Reader Interactions

Primary Sidebar

Categories

  • Administration
  • Application Engine
  • BI Publisher
  • COBOL
  • Data Mover
  • PeopleCode
  • PeopleTools
  • PS Query
  • Security
  • SQL
  • Utilities

Copyright © 2021 Elimbah Consulting Ltd