Developer forum

Forum » Feature requests » Custom AccessUserSecondaryRelation fields

Custom AccessUserSecondaryRelation fields

E-mail notifications
Scott Forsyth Dynamicweb Employee
Scott Forsyth
Reply
Posted on 31/01/2017 22:57:20

We're starting to fully utilize impersonation in all of our projects. We create a Login account and a Customer account and use impersonation to link them. This supports a many-to-many relationship. Any number of logins can have access to any number of customers. This flexibility works very well for our type of projects.

As we're doing this, we're finding more reasons to have extra information in the relationship between Logins and Customers.

Would it be possible to add support for custom fields on AccessUserSecondaryRelation? We're starting a project right now that could really use it.

Here's an example of how we could use it:

AccessUser (Type=Login)

Account Name
Jane Doe

AccessUserSecondaryRelation

Login (primary) Customer (secondary) CanViewPrices CanOrder
Jane Doe Dave's RV (111) True False
Jane Doe Mike's Camping World (222) True True

AccessUser (Type=Customer)

Account ID
Dave's RV 111
Mike's Camping World 222

 

The three areas that are important are:

  1. UI support so that backend administrators can manage the settings
  2. API support so that we can perform CRUD operations on it
  3. Integration support so that we can integrate with an ERP

I can envision two ways to achieve this:

  1. Just simple custom settings, which extend AccessUserSecondaryRelation. This is obviously easier, and it supports everything that I need today.
  2. Support item types. That may be overkill, but to be consistent with other improvements in the platform, it may make sense. The key thing is that integration needs to be supported well in both the User Provider and Dynamicweb Provider.

As for the UI, currently, there is a standard user picker. The possible option is that if someone selects a user, the settings could appear below the user picker so that they can change the settings for that user.

It would be ok to have this only in DW9+

What do you think?

Scott


Replies

 
Nicolai Pedersen
Posted on 01/02/2017 08:11:45
Reply

Hi Scott

Just to understand: If Dave's RV logs in by him self, he can order, but if Jane Doe impersonates, she cannot create orders?

So it is kind of permissions on impersonation? So you almost impersonate the account?

BR Nicolai

 
Scott Forsyth Dynamicweb Employee
Scott Forsyth
Posted on 02/02/2017 05:43:49
Reply

Hi Nicolai,

We don't let people log into the Customer account directly. We don't give out the passwords and we throw an error if they attempt to do that. So, in the example above, only the Jane Doe Login has a useful username/password. 

So, if Jane Doe logs in, she will be presented with two choices of accounts to manage (Dave's RV and Mike's Camping World). She must select one (we also remember the last choice). For Mike's camping world, she can view prices and place orders, but for Dave's RV, she can only view prices. She can't place orders.

> So it is kind of permissions on impersonation? So you almost impersonate the account?

Yes, exactly, except that it's not 'almost' (or did you mean 'always'). Every login always impersonates an account. Neither a login or customer can be used by itself. 

Scott

 
Nicolai Pedersen
Posted on 02/02/2017 08:13:02
Reply

Hi Scott

Gotcha.

So, would it not be possible to use a group permission on the users? Make Mike member of group "Placeorders" and Dave not...?

BR Nicolai

 
Scott Forsyth Dynamicweb Employee
Scott Forsyth
Posted on 02/02/2017 08:36:06
Reply

Hi Nicolai,

Yes, and I'll even create group membership from the settings in AccessUserSecondaryRelation. But, I prefer the property method because the data is so much easier to maintain and trust.

For example, let's say that you perform an update from integration from an ERP, you can confidently update a boolean flag and be certain that it's absolutely correct. But, group membership is more fragile because usually it's additive and it doesn't take care of removing stale group assignments. Users can often but in multiple groups for different reasons, like for permissions, or for organization, or for assortments, or other reasons, and I find that their state starts to drift if it's backed by integration mapping jobs. So, I end up storing the original values as a property so that the groups can be audited. So, this situation falls into the same. I prefer properties for integration, and groups as a bonus for when we want to use something in the platform that can benefit from being in a group.

I figure that using AccessUserSecondaryRelations is a nice many-to-many database structure to maintain permissions between a login and a customer user.

Scott

 
Imar Spaanjaars Dynamicweb Employee
Imar Spaanjaars
Posted on 02/02/2017 09:18:54
Reply

There are other scenarios besides permissions where it's useful to store data on the relationship. Consider, for example, buyers. A buyer is a single person in the real world that can order on behalf of multiple companies (customers of our customers) and as such exists as multiple contacts for different customers in the ERP. Then in Dynamicweb the user is created as a single login with impersonation rights for each associated customer. In a recent example we used the Email address to link the multiple records. In order to to send the original contact ID to the ERP when an order is placed, we need to be able to save it somewhere. Directly on the user doesn't work as it's a many to many relationship. The SecondaryRelation table is perfect for this. Here's a concrete example.

Imagine the following ERP data:

Customer 1 (Cust1)
  Imar (imar@buyer.com, ID: CT123 ==> AccessUserID 1)
  John (john@customer1.com, CT456 ==> AccessUserID 2)

Customer 2 (Cust2)
  Imar (imar@buyer.com, ID: CT987 ==> AccessUserID 1)
  Jane (Jane@customer2.com, CT222 ==> AccessUserID 3)


Notice how I exist as two contacts under the two companies but only as a single user in Dynamicweb because of the shared email address. When saving this in the AccessUserSecondaryRelation table you can store this today (ignoring the mapping to AccessUser IDs for the customers):

UserID SecondaryUserID
1 Cust1
1 Cust2
2 Cust1
3 Cust2

Note how my two contacts in the ERP () are collapsed into a single user with an ID of 1. At this point, I no longer have access to the original Contact ID. I could store them as comma separated fields on the user but then I still don't know which ID I should use when impersonating a customer. If I was able to store data in custom fields on the relationship itself, I can do this:

UserID SecondaryUserID ErpContactID
1 Cust1 CT123
1 Cust2 CT987
2 Cust1 CT456
3 Cust2 CT222

Now when my account (ID: 1) is impersonating customer 2, I can see that the associated Contact ID in the ERP is CT987. This in turn can drive pricing, delivery and what not. To me, this makes perfect sense as this Contact ID is part of the actual relationship between a contact and a customer, and differs for each relationship.

In this particular scenario, we also need to store the user's email address on the relation table to handle deltas and changes of the email address in the ERP. Happy to explain this further but it's a pretty advanced scenario.

We solved all of the above by directly extending the AccessUserSecondaryRelation table with additional fields and then using the Dynamicweb provider and tons of TableScripts. With custom fields supported out of the box in the User Provider, a lot of this would be a lot simpler.

Hope this helps,

Imar