I want to do the following:
*Create custom role field called 'roletype' (string)
*Create a map/reduce script which triggers when a role is saved, containing following logic:
-Via saved search get all roles which have the same roletype
-Foreach of these copy all permissions off of the mutated role
Is it possible to do this via suitescript? How can I obtain the list of permissions via a role record?
You can use a search to get the roles and their permissions by adding two columns:
Permission : gives you the name of the permission (ex: Accounting Lists, Deleted Records...)
Level : gives you the permission level (ex: Edit, Full...)
But the problem you will face is that the Role record type is available on SuiteScript only to do searches, this means you can not Load and Edit a role using Scripting.
Check the help article:
SuiteCloud Platform > SuiteScript > SuiteScript Records Guide > SuiteScript Supported Records > Lists > Role
Supported Functions
This record is not fully scriptable. Only search is permitted. The
Role record is supported in all search APIs, excluding the duplicate
search APIs.
Related
Does anyone know how to order the results of a query to the Azure AD Graph API using the nuget assembly (https://www.nuget.org/packages/Microsoft.Azure.ActiveDirectory.GraphClient/) by "Created Date" (i.e. when the user was created in the directory?
I can't find any documentation about a property which would contain this. Is the result set automatically ordered in this way?
There is a restriction at the moment on the '$orderby' expressions that can be specified for a Graph API query. From the documentation -
The following restrictions apply to $orderby expressions:
Two sort orders are currently supported: DisplayName for User and Group objects, and UserPrincipalName for User objects. The default sort order for users is by UserPrincipalName.
So even if the 'Created Date' was exposed as property on the User I doubt the query will work.
I want to get all the options for my role.
Example :
i have attached the role's page image. i need the following permissions using RESTlet code.
List->Permissions and its level
Setup->Permissions and its level
For the most part you should be able to use:
nlapiGetContext().getPermission('permission_id')
to access the current role permissions. There is a full list of accessible permissions in the NetSuite Help Center. Search for: "Permission Names and IDs".
I need lead, prospect, customer, other name and contact also..
Lead, Prospect, and Customer records are all the same permission LIST_CUSTJOB
Other name is LIST_OTHERNAME
Contact in LIST_CONTACT
You can extract permission id's not listed in the help center by viewing the xml body of the role records. Append &xml=t to the url of any role(or record) in NS. eg:
https://system.na1.netsuite.com/app/setup/role.nl?id=1008&e=T&xml=t
Find the appropriate permission list, and try your permission value out. It's all outside the documentation, so your mileage may vary.
I am using SuiteTalk web services and trying to use SubsidiarySearch to retrieve all Subsidiary records:
SubsidiarySearchBasic srch = new SubsidiarySearchBasic();
srch.setIsInactive(new SearchBooleanField(false));
SearchResult res = stub.search(srch);
I login using a customized role based on NetSuite's standard "System Administrator" role, with various extra permissions added. In particular, this role has "Subsidiaries" permissions set to "Full". However, the above code returns the following status, using this Java code:
Type=ERROR
Code=INSUFFICIENT_PERMISSION
Detail=Permission Violation: The subsidiary restrictions on your role prevent you from seeing this record.
The above code succeeds when I use the standard "Administrator" role (internal id "3") but I would like to use a customized role. What permissions do I need for a successful result?
Make sure all the subsidiaries are exposed or the top most subsidiary is selected for this role, and also make sure the employee, department and location restrictions are set correctly.
It may be happening because of the restrictions in the employee record. if you have set the subsidiary or location in your employee record which is not the top most one then you will not be able to get all the subsidiary while searching. To resolve it, select the top most subsidiary in the employee record and do not select any location. Also, do not select any subsidiary in the role. Cheers
I am editing user security and am trying to give a user access to an e.List item. I select the user using the [...] button and successfully find that user by searching in our AD domain.
After I select the user and press OK, that user does not come into the CAC, just this error The filter will only accept groups and roles. Users will not be added to the filter. I don't see any filters here at all.
Have you seen this before and is it possible to set up security by users?
Thank you,
WE
Answer from ericlfg on http://www.cognoise.com/community/index.php/board,15.0.html:
Hi William,
The message you are receiving is by design. In order to add a specific user, rather than a group or role, that use needs to be a member of some kind of hierarchy in your security provider.
Ex: If you're using cognos groups and roles with a Role called "Test". You would populate this test role with members from your namespace. In the CAC, you would then select the Test group when you click on the elipsis and then that will allow you to select your individual user (or alternatively the Test role).
The same would be true if you're trying to add members directly from your 3rd party authentication provider. The individual users need to be part of a roll-up role or group in order to add that roll-up role or group to the filter. Once added to the filter you can select the individual users.
Hope this helps.
We're trying to set up a workflow for approval of an item in a list in Sharepoint 2010, where whenever a user creates an item in the list, it automatically routes to their manager for approval before being added to the queue of work items. We'd also like to go a step further and recursively query up the heirarchy until we reach a user with a specific "Job Title".
We use the "manager" attribute and "title" attribute in user profiles so we should be able to poll all this info from AD.
Anyone have any experience or thought as in how to accomplish this task?
Thanks for the help.
+1 to what Patricker suggested with respect to user profile traversal. For AD Query assuming you are using an MS product for AD, create an LDAP Query.
You should be able to figure out lot of tools as well to build LDAP queries. My personal favorite is Search Using Active Directory Users and Computers
To execute LDAP queries via .Net you would use classes in System.DirectoryService namespace