Metadata security bypass for Hiadmin superadmin

Kevin · June 4, 2020, 10:39am

Hello Team Helical,

I am using Helical Insight 3.1 EE.
At the user role management I have profiles attributes and profile values assigned to user. At the metadata level, I have applied metadata security so that a user can only see the data for which he has got corresponding profile values assigned.
It is working fine.

But the problem is I login as “hiadmin” who is “superadmin” and he does not have any profile values assigned. Hence I am myself not able to see any tables or columns because of the metadata security applied. Hence even if I want to edit the security etc I am not able to do that.

Please help?

Thank You
Kevin

helicalforum · June 4, 2020, 10:52am

Hello Kevin,

Theoretically speaking the application is working fine and restricting the data based on whatever condition you have specified. However to address your point you can check if a username is hiadmin or not. if he is hiadmin then security conditions will completely get bypassed. If username is not hiadmin then need to check his profile values and accordingly filter the data.

For your reference below is groovy code for the above, you can modify the profileName or profileValue etc according to your requirement. It will give a good idea

import com.helicalinsight.adhoc.metadata.GroovyUsersSession;
def evalCondition() {
String userName = GroovyUsersSession.getValue('${user}.name');
String profileName = GroovyUsersSession.getValue('${profile[\'Grade\']}');

if (profileName.contains("'Grade'") || userName.equalsIgnoreCase("'hiadmin'")) {
return false
} else {
return true
}
}

The below blogs will also be helpful

Thank You
Team Helical