Share via

Lookup of Role Membership Based On SAMAccountName

  • Article

This content is no longer actively maintained. It is provided as is, for anyone who may still be using these technologies, with no warranties or claims of accuracy with regard to the most recent product version or service release.

The modIsMemberofRole function calls a stored procedure named modGetExecutePermissions to check the permissions for a specified user and role. If the designated user is a member of the specified role, then the function returns True.

You can call the modIsMemberofRole function in the validation script procedure for an OnCreate event to make sure only users in a certain role can create new records. For example, if you have a transition from the Item Created shape to a state named Active and there are no other script or permissions issues, anyone could create a new record and set the state to Active. However, for example, if you create a state called Override and only want users in the Manager role to be able to create a new record and immediately set the state to Override, you add a transition from the Item Created shape to the Override state. Then, you add script to the OnCreateValidation script procedure that checks role membership. The following is an example of such a function.

Calling the Function

Enter this code into the Code Editor, in a validation or event script procedure for the event that you want to trigger the script. It calls the function script that follows.

'// modIsMemberofRole(strSAMAccountName, strRoleName)
'// -----------------------------------------------------------
    ret = modIsMemberofRole (session.user,"Readers") 'session.user returns the SAMAccountName of the current user
    call logger.printstring("Member of readers role: " & ret & chr(13) & chr(10)) 'modWFE.log file in Windows directory
'// -----------------------------------------------------------

Function Script

Enter this code into the Code Editor wherever you usually store functions.

Note   The modIsMemberofRole script requires the modCallSP function. For a copy of the modCallSP script, see Calling a Stored Procedure.

'// -----------------------------------------------------------
'// Name      : modIsMemberofRole
'// Purpose   : returns whether a SAM Account Name is a member of a role
'//
'// Prereq    : function modCallSP
'// Inputs    : strSAMAccountName -  SAM Account Name
'//           : strRoleName - Role Name
'//
'// Return    : True/False
'// -------------------------------------------------------------
Function modIsMemberofRole(strSAMAccountName, strRoleName)
    
    '// declaration
    dim paramlist(2)

    '// initialization
    paramlist(1) = strSAMAccountName
    paramlist(2) = strRoleName    

    ModIsMemberofRole = modCallSP("modIsMember", True, 2, paramlist)

End Function
'// -------------------------------------------------------------

See Also

Data Manipulation Using Workflow Script | Retrieval of User Information by Workflow Script