PeopleCode | Using the IsUserInRole Function to check user security
A. Multiple Uses
Some PeopleSoft pages are developed with multiple types of users in mind. For instance, you may have a basic version of the page available in display-only mode, but still allow certain users to update key information on the page. Access to the extended functionality is usually controlled by PeopleCode, but unfortunately this type of code is all too common:
If %OperatorID = "JENNY" Or %OperatorID = "RAHUL" Then &user_has_access = True; End-If;
It goes without saying that this would be a nightmare to maintain. The code usually gets forgotten about entirely until a new user comes along and discovers she can’t complete a key job task. Her Operator ID has not been hard-coded into the PeopleCode.
B. Role Playing
Instead of hard-coding in this situation, a better option is to create a Security Role, as you normally would in PeopleSoft security. The Role can then be attached to any user who needs access to the extended functionality. It’s also an easy task to add new users to the Role, or remove existing users. Better still, a developer is not required for this task.
To define which role is applicable for a certain level of access, you could again resort to hard-coding, similar to the example above (replacing the Operator ID with a Role name). However, a better approach is to set up the Role Name field on a config page, accessible by a super-user. If you prefer, you can even set up the Role Name in a grid, allowing more than one more Role to be configured for the extended functionality:
C. The Final Act
With the Role Name set, a very simple piece of PeopleCode can now handle the requirement, thanks to the ‘IsUserInRole’ function:
If IsUserInRole(&ValidRole_Rec.ROLENAME.Value) Then &user_has_access = True; End-If;
‘&ValidRole_Rec’ must be set to the configuration record containing the authorised role. If multiple Roles are possible, then a loop should be created, setting the ‘&ValidRole_Rec’ object equal to each role in turn.