There are 4 tab options in the AdminSingleUser system menu.
- User Details
- User Preferences
- User Security Profile
- User Activity History
SELECT * from UserSettings where USet_UserID=1 AND Uset_Key = N'AdminLastView'
select * from vSearchListUser where User_UserId=4
select ChLi_Channel_ID from Channel_Link where ChLi_User_ID = 4
SELECT * FROM vUsers WHERE User_TemplateName = N'Default User Template'
This generated the following SQL:
SELECT * from UserSettings where USet_UserID=4 AND Uset_Key = N'AdminLastView'
select * from vSearchListUser where User_UserId=4
select ChLi_Channel_ID from Channel_Link where ChLi_User_ID = 4
SELECT * FROM vUsers WHERE User_TemplateName = N'Default User Template'
- User Details
- User Preferences
- User Security Profile
I added an Extra Tab to the AdminSingleUser that would call an ASP page. The tab appeared for both the System Administrator and the Info Manager with User Admin Rights. There was no change in the SQL that underlay this screen.
I put a condition on the preferences tab
user_primarychannelid = 5
This should mean that only people in the Operations Team should see this tab.
The new tab disappeared for both my Info Manager and the Full System Administrator. The System Admin in the default system demo data is in the Operations team! So why didn't it appear for the user??
The SQL under the screen now includes an extra check. This is the SQL for the Info Manager!
select * from vusers where (user_userid=4) AND (user_primarychannelid=5 AND (user_disabled = N'' OR user_disabled IS NULL) AND (user_istemplate = N'' OR User_IsTemplate=N'N' OR user_istemplate IS NULL))
The SQL for the System Admin looked like this:
select * from vusers where (user_userid=4) AND (user_primarychannelid=5 AND (user_disabled = N'' OR user_disabled IS NULL) AND (user_istemplate = N'' OR User_IsTemplate=N'N' OR user_istemplate IS NULL))
So what is wrong with this? The user_primarychannelid =5 is not a problem as the Administrator is in the Operations team. But look at the user_userid check! It says user_userid=4 NOT user_userid=1 which is the id of the System Admin. D'oh! The system is checking the details of the user that is being Administered and not the logged on User!!!!
So what is the work around? I don't think there is anything that I can do in the SQL tab. So the page is going to have to be displayed. If this is an ASP page or a .NET application extension then this is not too much of a problem as controlling access to the data is most important.
Let's assume that we we have an ASP page added here.
We will just need to build a check for the user details with the eWare.GetContextInfo("user","user_userid") method. We can then guard the inclusion or display of information.
if (CRM.GetContextInfo("user","user_primarychannelid")==5)
{
//Display Block
myContainer.AddBlock(userextraadminblock);
}
else
{
//Use Error Message
myContainer.AddBlock(accessdeniedcontentblock);
}