The CreatorCon Call for Content is officially open! Get started here.

Restrict Import XML Context Menu on Prod Instances

iDNS
Tera Expert

Hi,

 

I have been trying to restrict the visibility of 'Import XML' Context button on Prod Instances, I have tried to modify the condition on the Context Menu to below but the button seems to be visible to all 'admin' Users. 

 

I have tried to break it down for all 3 scenarios, neither of them seem to work.

  1. All the conditions
  2. User has role of 'import_admin_xml'
  3. Instance is 'xxxxxdev'

I have further tried to update the System Property 'glide.ui.admin_import_xml_roles' value from 'admin' to 'import_admin_xml'. without any luck. 

 

Has anyone implemented this before or have any advice on how I could achieve it? Thanks in advance!!!

 

//Initial Condition
(gs.hasRightsTo("ui/context_menu.import_xml/read", null) && !ListProperties.isRelatedList() && !ListProperties.isRefList() &&!ListProperties.isRemoteTable() && (gs.hasRole('import_admin_xml'))) || (gs.getProperty('instance_name') == 'xxxxxxxdev')

//Role Condition Only
gs.hasRole("import_admin_xml")

//Instance Condition Only
gs.getProperty('instance_name') == 'xxxxxxxdev'

 

5 REPLIES 5

Abhishek_Thakur
Mega Sage

Hello @iDNS ,

 Yes, we are also using this kind of functionality, where in if users only have security admin then they will see this import xml option. What you can do, instead of using admin role shift it to the security admin role. It should work.

 

Please mark my answer as accepted solution and give thumbs up, if it helps you.

Regards,

Asbhishek

@Abhishek_Thakur , Thanks for the suggestion.

 

I tried changing the property 'glide.ui.admin_import_xml_roles' to 'security_admin', cleared cache but I still see the button for Users without  'security_admin'. 

 

Could you help me how have you implemented it, is it gs.hasRole('security_admin') in your Condition on the Context Menu or the System Property. Thanks 

I just figured this out, if someone is impersonating it wasn't working. I had someone else login & test. It works as expected. Below is my setup if it helps. Thanks

 

Setup:

  • Added a new role 'import_admin_xml' with 'Elevated privilege' marked as True
  • Modified the condition on 'Import XML' Context Menu to handle the below:
    • Allow users with 'admin' & 'import_admin_xml' role OR if the Instance is 'xxxxdev' Instance to Import XML
    • Users would require  'admin' & 'import_admin_xml' to Import XML on UAT/Test & Prod Instance.
    • 'import_admin_xml' has been marked Elevated privilege which ensures one is aware when importing XML (Additional precaution)
  • Update System Properties listed below
    • glide.ui.admin_import_xml_roles - Set to 'import_admin_xml'
    • glide.ui.security.upload.roles - Set to 'admin,import_admin_xml'
gs.hasRightsTo("ui/context_menu.import_xml/read", null) && !ListProperties.isRelatedList() && !ListProperties.isRefList() &&!ListProperties.isRemoteTable() && gs.hasRole('import_admin_xml') || gs.getProperty('instance_name')=='xxxxdev'

This allows all users with 'admin' role to Import XML on Dev whereas restricts them on Test/UAT & Prod for only users with the newly created role 'import_admin_xml'. Thanks

NaveenGN
Tera Expert

Change the condition in this form 

sys_ui_context_menu.do?sys_id=d11613000a0a0b3e007fb501ef22352e&sysparm_view=&sysparm_domain=null&sysparm_domain_scope=null&sysparm_record_row=1&sysparm_record_rows=1&sysparm_record_list=nameSTARTSWITHimport+xml%5eORDERBYorder

as per your conditions

 

NaveenGN_0-1757744551952.png

Please mark my answer as accepted solution and give thumbs up, if it helps you.

Regards,

Naveen