Looking Up Role Membership Based On SAMAccountName

The modIsMemberofRole function calls a stored procedure named modGetExecutePermissions to check the permissions for a specified user and role. If the designated user is a member of the specified role, the function returns True.

Call the modIsMemberofRole function in the validation script procedure for a create action to ensure that only users in a certain role can create a new record. For example, if you have a state called Active with an OnCreate action associated with it and no other script or permissions, anyone can create a new record and set the state to Active. Suppose, however, that you create a state called Override and want only users in the Manager role to be able to create a new record and immediately set the state to Override. You would add an OnCreate action to the Override state and call this function from the validation script procedure associated with OnCreate.

To use this example, add the function call to the validation script procedure on the Shared Script tab in the Workflow Process pane. Then, add the following example code to the beginning or end of the text in the Shared Script tab.

Calling the Function

'// modIsMemberofRole(strSAMAccountName, strRoleName)
'// -----------------------------------------------------------------------------------
    ret = modIsMemberofRole (session.user,"Readers") 
    'session.user returns the SAMAccountName of the current user
    call logger.printstring("Member of readers role: " & ret & chr(13) & chr(10)) 
    'modWFE.log file in Windows directory
'// -----------------------------------------------------------------------------------

Example Script

Note   The modIsMemberofRole script requires the modCallSP function. For a copy of the modCallSP script, see Calling a Stored Procedure.

'// ------------------------------------------------------------------------------------
'// Name      : modIsMemberofRole
'// Purpose   : returns whether a SAM Account Name is a member of a role
'//
'// Prereq    : function modCallSP
'// Inputs    : strSAMAccountName -  SAM Account Name
'//           : strRoleName - Role Name
'//
'// Return    : True/False
'// ------------------------------------------------------------------------------------
Function modIsMemberofRole(strSAMAccountName, strRoleName)
    
    '// declaration
    dim paramlist(2)

    '// initialization
    paramlist(1) = strSAMAccountName
    paramlist(2) = strRoleName    

    ModIsMemberofRole = modCallSP("modIsMember", True, 2, paramlist)

End Function
'// -----------------------------------------------------------------------------------
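
The Override scenario described above, written as a validation script that denies the create unless the role lookup positively succeeds. This is an added example, not part of the original documentation; the procedure name Override_OnCreate_Validate is hypothetical, and the example assumes that modIsMemberofRole returns a value that converts to a Boolean.

```vbscript
'// ------------------------------------------------------------------------------------
'// Name      : Override_OnCreate_Validate (hypothetical name, added example)
'// Purpose   : validation script for the OnCreate action on the Override state;
'//             allows the create only for members of the Manager role
'//
'// Prereq    : functions modIsMemberofRole and modCallSP
'// Return    : True/False
'// ------------------------------------------------------------------------------------
Function Override_OnCreate_Validate()

    '// declaration
    dim blnIsManager

    '// deny by default: any path that does not confirm membership returns False
    Override_OnCreate_Validate = False
    blnIsManager = False

    '// a failed lookup or a non-Boolean result leaves blnIsManager at False
    On Error Resume Next
    blnIsManager = CBool(modIsMemberofRole(session.user, "Manager"))
    If Err.Number <> 0 Then
        call logger.printstring("Override create denied for " & session.user & _
            ": role lookup failed (" & Err.Number & ")" & chr(13) & chr(10))
        Err.Clear
        On Error GoTo 0
        Exit Function
    End If
    On Error GoTo 0

    If blnIsManager Then
        Override_OnCreate_Validate = True
    Else
        '// record the refused attempt in the modWFE.log file
        call logger.printstring("Override create denied for " & session.user & _
            ": not in Manager role" & chr(13) & chr(10))
    End If

End Function
'// -----------------------------------------------------------------------------------
```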