I want to build a system that has a no. of task submitted by a different business user. Then I want to assign the task to someone in the organization. Below is the example of task list:
Below is the roles that the system should have. HOD will be able to view each record submitted by user. HOD will approve the task before Managers can view it and assign the task to counsiles.
Can anyone suggest me whether Google AppMaker capable of doing it or not? How to do it? Thanks!
Related
We are on Enterprise - 6.1.0 and want to create a read only user. I've come across documentation that states we should be able to assign a Consumer role to this user, however there are no Consumer groups out of the box.
Let me know how this can be created.
Thanks in advance!
I am working on the Alfresco Process Services and came across the below requirements.
I want to send an email when I involve someone in the task. The involved person should get an email notification. Right now, by default the email notification is not going to the involved person.
Also, is there any way to make the attached documents and task form read only except the task claimer? I mean, only the task claimer should be able to edit the task but all other users in the group should be able to view the task in read only mode.
Any help will be appreciated...
I'm constructing a website.
In this website, people will be able to manipulate several DB tables data.
Everytime someone wants to make a CUD operation I want to log it (like and audit).
The way I see it, I should use triggers for CUD operations, but I can't understand how do I log the user, since triggers don't accept any input parameter.
NOTE: the user I want to log is the network user. I know this user when they access the website (user to log <> user logged to DB).
ANOTHER NOTE: None of my tables saves creation date, creator, update date and updator. Just don't know why they should when I have the audit tables.
So this is the basic problem with web apps. If you have a huge user base ( more then say 500 ), then provisioning them in the database, while this is very easily doable, it is something most web programmers, sadly, don't want to deal with and want only ONE connection user for the database. You have already shot yourself in the foot because you don't have the created_by,modified_by, created_date, modified_date in the tables. To fix this you really only have one choice:
Put the columns on the tables and force the UI people to push the "network" user name through. The rest of the columns can be handled by one very simple trigger.
Why DB audit will not help you:
The DB audit feature ONLY deals with users defined as actual users in the database, sorry that is just the way it is.
Here are some things to look at when dealing with a front end system.
You can write SP's or Packages that execute as the schema owner, but can be run by ANYONE who is defined in the database and those can handle all the INSERT, UPDATE, DELETE operations on the schema they are defined in by simply giving other users the EXECUTE privilege on that set of SP's. This give the DB fine grain control over how tables are manipulated and you only have to grans the select privilege to all the users.
You can write a SP or Package in the SYSTEM schema that allows a group of people to provision users on the system by granting the execute privilege on that SP. Within that SP you define what ROLES they are assigned and therefor can control all their access.
The ability to add, update, and delete various entities in my application is often determined by the relationships defined between the various users involved. Here is an example:
A basic user or his supervisor can create tasks associated to the user, but only his supervisor can lock down the task so that the basic user will not longer be able to add/update/delete it. Until locked down, both individuals will be able to update the task.
What is the best approach to implement these kind of complex and advanced rules that deal with the relationship of users and the state of the entities (new, existing), as well as other things like maybe a user-defined status associated to the entity?
Thanks
What is the best approach to implement these kind of complex and advanced rules that deal with the relationship of users and the state of the entities (new, existing), as well as other things like maybe a user-defined status associated to the entity?
You want to use an authorization standard, namely XACML, the eXtensible Access Control Markup Language. XACML is:
a standard developed by OASIS, just like SAML is
a standard that focuses on fine-grained access control: access control that takes into account user information, resource information, state, and contextual information
a standard that implements the attribute-based access control (ABAC) model: the user information, resource data, and state can all be seen as attributes
a standard that uses policies and rules to structure the attributes and grant / deny access: XACML is policy-based
a standard that can be applied across multiple layers e.g. across the presntation tier, the data tier, the business tier of an MVC application
a standard that can be applied to multiple technologies and languages e.g. C# (MVC4 and more), Java, Python...
With XACML, you can easily implement relationships e.g.: an employee can approve a transaction if and only if the transaction amount < employee approval limit AND the transaction is not locked.
Where to go from here?
Check out NIST's page on ABAC.
Check out OASIS XACML's page and spec
Check out existing implementations (open-source and vendor such as the one I work for, Axiomatics.)
At a bank I worked for, we had a loan management system that allowed the entire bank hierarchy to see loans in their reporting structure. For instance, a Market exec could see the loan portfolio of all of his/her reports at once. Additionally, s/he had the ability to select from a list of all reports' (direct or indirect) names to view the portfolio of that employee.
It was complex, but we had to maintain an HR database of the reporting structure. Once we had that, we built user functions (could be done as stored procs, too, but user functions worked well in our LINQ to SQL backend) that allowed us to check whether user x supervises user y.
So, in your example, as long as you know who owns the task, and have access to a method that can be used to determine if the task owner reports to the currently-logged-in user, you should be able to easily enable/disable the "lock" button on the page.
The legwork lies in creating that reporting structure DB, and keeping it up to date!
I am planning to use Windows Workflow Foundation 4.5.
I need to track information in a custom database.
Lists will be shown in a user interface (my tasks, all tasks).
What is the best way to have a generic system by which I don't need to add custom activities to a workflow.
workflow created
workflow ended
workflow terminated
receive activity started (log custom record in a table)
receive activity completed
--> bookmark events?? I also need to correlate an activity instance id with the record in the database.
...
Do I use a tracking participant for this or can I tap into the events of the workflow service host??
You don't need to add custom activities to your workflow. You can implement SQL tracking participant. Here is a sample: http://msdn.microsoft.com/en-us/library/ee622983.aspx
Tracking participant is the solution to choose here... it is really flexible. You can get the status of the workflow instance with the WorkflowInstanceRecord and the activity status with the ActivityStateRecord. Both records have the instanceId to correlate them.
Also you can track custom tracking in your code activities with the CustomTrackingRecord.
We are using it for long time and the performance is quite good.
I hope it helps.