0 votes

Hello all,

Is there a way of setting an attribute to display on a form that is read only, even if the user has permission in Adaxes to edit it?

Many thanks for any advice.

Steve

by (20 points)

1 Answer

0 votes
by (216k points)

Hello Steve,

Currently there are no built-in means to do that, but we can suggest the following workaround: on the Web Interface, you can display a certain multivalued property that users cannot edit, for example, you can use one of Adaxes virtual properties (say, CustomAttributeTextMultiValue1). Such properties are not stored in AD, but can be used the same as any other property of Active Directory objects.

In the values of this multivalued property, you can display all the properties that you want users to view, but not edit, for example:

Also, you can create Business Rules triggered after creating and updating users that'll populate the multivalued property with actual information once a new user is created or an existing user is updated.

If such a solution is OK with you, we can provide you with detailed instructions on how to implement such a solution.

0

Hi guys,

Thanks very much for coming up with a solution for this. This looks like something I can work with.

Would appreciate the detailed instructions if possible, and i'll follow this up.

Thanks again

Steve

0

Hello again.

Would it be possible to follow this up?

Many thanks

Steve

0

Hello Steve,

To implement such a solution:

I. Create Business Rules that update a multivalued property with values of the properties that you need to be visible:

First, you need to create Business Rules that will automatically update a certain multivalued property with values of the properties that you want to show. For this purpose, you'll need to create a Business Rule triggered after creating an object (to populate the values of the properties once a new object is created) and another once triggered after updating an object (to update the values of the properties once anything is changed). To create such Business Rules:

  1. Create a new Business Rule.

  2. On the 2nd step, in the Object Type section, select the type of objects that you want the Business Rule to update. For example, if you want the Business Rule to update users, select User.

  3. In the Operation section, select :

    • After Creating <Object type> - if you are creating a Business Rule for populating the multivalued property for new objects,
    • After Updating <Object type> - if you are creating a Business Rule for updating the multivalued property of existing objects.

    where <Object type> is the type of objects you selected on step 2.

  4. On the 3rd step, add the Run a program or PowerShell script action and paste the following script:

     $propertiesToDisplay = @("description", "title", "l", "manager") # TODO: modify me
     $propertyToUpdate = "adm-CustomAttributeTextMultiValue1" # TODO: modify me
    
     # Check whether it is necessary to update property values in the multivalued property
     if ($Context.Action.IsOperationOftype($Context.TargetObject, "set properties"))
     {
         $updatePropertyValues = $False
         foreach ($property in $propertiesToDisplay)
         {
             if ($Context.IsPropertyModified($property))
             {
                 $updatePropertyValues = $True
                 break
             }
         }
         if (!$updatePropertyValues)
         {
             return
         }
     }
    
     # Get display names for all properties
     $culture = [System.Globalization.CultureInfo]::CurrentCulture
     $attributeFriendlyNamesCache = [Softerra.Adaxes.Directory.AttributeFriendlyNamesCache]::GetInstance($culture)
    
     $propertyEntires = @()
    
     foreach ($propertyName in $propertiesToDisplay)
     {
         # Get display name for the property
         if ($attributeFriendlyNamesCache.HasFriendlyName($propertyName))
         {
             $propertyEntry = $attributeFriendlyNamesCache.GetFriendlyName($propertyName, "user")
         }
         else
         {
             $propertyEntry = $propertyName
         }
         $propertyEntry += ": "
    
         # Get property value
         try
         {
             $propertyValue = $Context.TargetObject.Get($propertyName)
         }
         catch
         {
             $propertyValue = ""
         }
         $propertyEntry += $propertyValue
         $propertyEntires += $propertyEntry
     }
    
     # Save property values to the multivalued property
     $Context.TargetObject.Put($propertyToUpdate, $propertyEntires)
     $Context.TargetObject.SetInfo()
    
  5. Modify the following in the script to match your requirements:

    • $propertiesToDisplay - specifies a list of properties that must be displayed. You need to specify the properties by the LDAP names. The property names need to be included in double quotes and separated by commas.
    • $propertyToUpdate - specifies the name of the multivalued property that will be updated with values of the properties specified in $propertiesToDisplay.
  6. Enter a short description for the script and click OK.

  7. Finish creation of the Business Rule.

II. Show values for the properties on the forms for editing users

For information on how to add the multivalued property to the form for editing objects so that users can view the values for the properties while editing objects, see step 6 of the Customize Forms for User Creation and Editing Tutorial.

If you want to show the values for the properties only on the form used by a certain Home Page Action, see section 3 under Modify Object.

III. Change display name for the multivalued property
Since a name like CustomAttributeTextMultiValue1 won't tell you much about the meaning and the function of the field, you may want to give it your own name. For information on how to do this, see the following help article: http://www.adaxes.com/help/?HowDoI.Mana ... Names.html.

Related questions

0 votes
1 answer

Hello Support, is it possible connect adaxes from a 3rd party software and read user attributes? is there a example available? Thx,

asked Jan 21, 2019 by Lylyhannah (50 points)
0 votes
1 answer

I have made a deprovision custom command. I cannot change the attribute directReports, so was thinking - i could take the people in the directReports field of the manager ... (and its subordinates) that im running the deprovision custom command from. Any tips?

asked Mar 21 by EdgarsABG (110 points)
0 votes
1 answer

Is there a way to configure the module "Member of" in a "View user"-action as purely read only? As it stands now we are able to navigate to a seperate viewing page ... needs write-access to AD, we can't specify purely read-rights via the security role either.

asked Mar 8 by Handernye (100 points)
0 votes
1 answer

How can I grant read only rights for Configuration items in the Adaxes Admin Console?

asked Jan 26 by mark.it.admin (2.3k points)
0 votes
1 answer

I added the Password last set field to the Admin view but when I click on edit it allows the admin user to change the value. Adaxes correclty handel Bad Password time and Bad password ... last set, so I guest there is a way but I can not find it. Thanks you

asked Dec 19, 2019 by tomlaf (60 points)
3,549 questions
3,240 answers
8,232 comments
547,815 users