Restrict Import XML Context Menu on Prod Instances

iDNS · 3 weeks ago

Hi,

I have been trying to restrict the visibility of 'Import XML' Context button on Prod Instances, I have tried to modify the condition on the Context Menu to below but the button seems to be visible to all 'admin' Users.

I have tried to break it down for all 3 scenarios, neither of them seem to work.

All the conditions
User has role of 'import_admin_xml'
Instance is 'xxxxxdev'

I have further tried to update the System Property 'glide.ui.admin_import_xml_roles' value from 'admin' to 'import_admin_xml'. without any luck.

Has anyone implemented this before or have any advice on how I could achieve it? Thanks in advance!!!

//Initial Condition
(gs.hasRightsTo("ui/context_menu.import_xml/read", null) && !ListProperties.isRelatedList() && !ListProperties.isRefList() &&!ListProperties.isRemoteTable() && (gs.hasRole('import_admin_xml'))) || (gs.getProperty('instance_name') == 'xxxxxxxdev')

//Role Condition Only
gs.hasRole("import_admin_xml")

//Instance Condition Only
gs.getProperty('instance_name') == 'xxxxxxxdev'

Abhishek_Thakur · 3 weeks ago

Hello @iDNS ,

Yes, we are also using this kind of functionality, where in if users only have security admin then they will see this import xml option. What you can do, instead of using admin role shift it to the security admin role. It should work.

Please mark my answer as accepted solution and give thumbs up, if it helps you.

Regards,

Asbhishek

iDNS · 3 weeks ago

@Abhishek_Thakur , Thanks for the suggestion.

I tried changing the property 'glide.ui.admin_import_xml_roles' to 'security_admin', cleared cache but I still see the button for Users without 'security_admin'.

Could you help me how have you implemented it, is it gs.hasRole('security_admin') in your Condition on the Context Menu or the System Property. Thanks

iDNS · 3 weeks ago

I just figured this out, if someone is impersonating it wasn't working. I had someone else login & test. It works as expected. Below is my setup if it helps. Thanks

Setup:

Added a new role 'import_admin_xml' with 'Elevated privilege' marked as True
Modified the condition on 'Import XML' Context Menu to handle the below:
- Allow users with 'admin' & 'import_admin_xml' role OR if the Instance is 'xxxxdev' Instance to Import XML
- Users would require 'admin' & 'import_admin_xml' to Import XML on UAT/Test & Prod Instance.
- 'import_admin_xml' has been marked Elevated privilege which ensures one is aware when importing XML (Additional precaution)
Update System Properties listed below
- glide.ui.admin_import_xml_roles - Set to 'import_admin_xml'
- glide.ui.security.upload.roles - Set to 'admin,import_admin_xml'

gs.hasRightsTo("ui/context_menu.import_xml/read", null) && !ListProperties.isRelatedList() && !ListProperties.isRefList() &&!ListProperties.isRemoteTable() && gs.hasRole('import_admin_xml') || gs.getProperty('instance_name')=='xxxxdev'

This allows all users with 'admin' role to Import XML on Dev whereas restricts them on Test/UAT & Prod for only users with the newly created role 'import_admin_xml'. Thanks

NaveenGN · 3 weeks ago

Change the condition in this form

sys_ui_context_menu.do?sys_id=d11613000a0a0b3e007fb501ef22352e&sysparm_view=&sysparm_domain=null&sysparm_domain_scope=null&sysparm_record_row=1&sysparm_record_rows=1&sysparm_record_list=nameSTARTSWITHimport+xml%5eORDERBYorder

as per your conditions

Please mark my answer as accepted solution and give thumbs up, if it helps you.

Regards,

Naveen