CA Service Management

Hi Community,

I thought of a way to allow Analysts to manage the contacts at their location, to do this I am trying to use a data partition that restricts Analysts from updating contacts that are not in the same site.  However I'm not able to get the data partition to work.  Is it possible to use dotted notation with the @root attributes?

For example, this is what I'm trying to do.  Add a pre-update constraint on the ca_contact record with the constraint, location.site = @root.location.site.  This condition will fail with the error AHD05800:Bad where clause. invalid constraint. Check data types of referenced attributes

However, this condition works fine, location = @root.location, but once I add .site to both location attributes the constraint fails.

If it is not possible to use dotted notation with the @root attributes then I would have to create multiple roles/data partitions for each region.  With constraints similar to, location.site.name IN('America%').

Edit: Here's some additional context.  The ideal solution would be to data partition the ca_contact table with a constraint on the site list because we have regional admins that are in charge of multiple locations. 

Hi gbruneau,

Try using this data partition, I tested here and it worked.

"location=@root.location and location.site=site.id"

#helpinghands

I'll give this a shot next week, thanks for the tip!

Hi Lrralves,

Your data partition saved fine but it didn't have the desired behavior.  While testing my user was not able to modify contacts at the same location.  Any idea what may have gone wrong?

You can use triger and spel code to get desired results. Spel code may be similar to this

uuid who;  
send_wait(0,top_object(), "call_attr", "cnt", "current_user_id");  
who=msg[0];  
send_wait(0, top_object(), "call_attr", "api", "get_object_values", who, format("cnt:%s",who), 0, "location.site.name");  
if (msg_error()) {  
  logf(ERROR, "get_failed %s",msg[0]);  
}  
else  
{  
if ((string)msg[1]==location)
{
return;
}else
{
set_error(1);
  set_return_data("You can not update this contact. Operation aborted");
  return;

}
}

Or you can use get_access_for_contact method (SPEL API methods) to get access type information for particular admin user and check if site of curent contact can be modified by particular access type.

P.S. i did not tested my code below so if you decide to use it use it on testing machine.

Thank you Gutis,

For my use case with Data Partitions not work?  Talking about this to my team it sounds like we wouldn't be opposed to just leaving access open to everyone with this access type.  And trust they won't modify contacts and group membership outside of their team.

Ho Gebruneau,

some time ago I had the same problem, I created a Datapartition for every site, checking the site-name in the constraints. This solution depends a little bit  on the number of sites. I you have many sites, the effort is too high.

Thank you Baerbel,

I thought that might be the case.

Wich constraint type you used?

I used view.

Type: View

constraint: (location = @root.location and location.site = site.id)

That was probably why it wasn't working. I was using the pre-update type.  Going forward we won't implement a data partition and just see how it goes. Thanks for your help!