Plugin Snippet always runs for SystemAdministrator

IdentityIQ (IIQ) IIQ Discussion and Questions
1

I am creating a plugin that hides elements on the UI page. I only want to hide the elements when the Identity has the SPRight PluginUser. For normal users this works perfectly, if the user has PluginUser the UI elements are hidden. If the user does not have PluginUser the elements are not hidden.

The problem is when I have a user that has SystemAdministrator capability the snippet always hides the UI elements. This is true for spadmin or any other user that has the SystemAdministrator capability.

I could update the header.js to conditionally execute based on the identity name, but I would rather use SPrights to control things.

<entry key="snippets">
	<value>
		<List>
			<Snippet regexPattern=".*/home.jsf" rightRequired="PluginUser">
				<Scripts>
					<String>ui/js/snippets/header.js</String>
				</Scripts>
				<StyleSheets>
					<String>ui/css/styles.css</String>
				</StyleSheets>
			</Snippet>
		</List>
	</value>
</entry>
2

Hello Matt,

I think that while IIQ handle the Authorization model, the System Administrator is handled as an exception which has full rights.

If you really want to bypass this, I would suggest prepare a separate endpoing to calculate whether user has the SPRight or not. then within your header.js, you can query this endpint. If you need an example, I can further provide to you.

Best regards,
Mike

1 Like
3

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.