ftos.identity.authz.setGrantTagToUser

IMPORTANT!  
Starting with v24.3.0, this is renamed from server.customSecurity.setGrantTagToUser to ftos.identity.authz.setGrantTagToUser.

Assigns a custom data ownership tag to a user account.

Use the ftos.identity.authz.createGrantTag method to create the tag.

Use the ftos.identity.authz.setGrantTagOnRecord method to specify the entity records to which the user has CRUD (Create, Read, Update, Delete) privileges. Ensure that the Support Data Ownership Custom Scope option is enabled for these entities in the business entity editor.

IMPORTANT!  
The target user account must have a security role with Custom security scopes for the target entities.

This is a data service method for business service components.

Syntax

Copy 
ftos.identity.authz.setGrantTagOnRecord(userId : string, dataOwnershipGrantId: string): void;
 
Parameter Type Description
userId string ID of the user account to receive CRUD privileges.
dataOwnershipGrantId string Data ownership tag ID (created using the ftos.identity.authz.createGrantTag method).

Examples

In this example, we wish to assign two different users with access to the same bank account, which means that both user accounts will need to CRUD privileges over the same record in the bankAccounts entity:

  • We use the ftos.identity.authz.createGrantTag method to generate a data ownership tag and we save it in the tagId variable.
  • We use the ftos.identity.authz.setGrantTagOnRecord method to assign the tag to the 76e61107-3729-4a46-bc70-435086ce0571 record in the bankAccounts entity.
  • We assign the tag to user accounts d4ba4503-bddd-4ac9-a8ff-0b9e99572af3 and 2FE5697F-56D7-4BE3-B61B-D3CF16FA0E13.
Copy 
var tagId = ftos.identity.authz.createGrantTag("Joint account 61");
ftos.identity.authz.setGrantTagOnRecord("bankAccounts", "76e61107-3729-4a46-bc70-435086ce0571", tagId);
ftos.identity.authz.setGrantTagToUser("d4ba4503-bddd-4ac9-a8ff-0b9e99572af3", tagId);
ftos.identity.authz.setGrantTagToUser("2FE5697F-56D7-4BE3-B61B-D3CF16FA0E13", tagId);