Creating relations is blocked due to lack of delegation-rules/groups.
Symptoms
Creating a new relation (as system user/administrator) is blocked due to the lack of delegation rules/groups. When trying to save the relalation, the following error comes up:
| 🇬🇧 English | 🇳🇱 Dutch |
|
|
|
| It's not possible to create a group/user for this relation because no rights could be passed. Make sure you (as admin-user) has any delegation-rules/groups to pass through to this new user. |
Het was niet mogelijk om deze relatie een groep/gebruiker aan te maken, omdat uzelf (als beheerder) niet beschikt over delegatie-regels/groepen en/of toegangs-regels/groepen om door te geven aan deze nieuwe gebruiker. |
Related symptoms
-
Details
When creating a relation, a usergroup and/or useraccount will be created automatically as well. This newly created usergroup and/or useraccount will be used to link data into the system onto eachother. Also, if logging in is permitted for a relation, the created useraccount will be activated so login is possible.
By default, when a user/relation creates a new relation (and with that, a new usergroup and/or useraccount), the new user inherits the permissions of the current user. However, when logged in as a system user/administrator (not part of a relation) with all permissions, it's not desirable for the new user to also be granted all permissions as well.
To prevent limiting the permissions of the current user to restrict the new useraccount/usergroup, delegations can be used instead. With delegations, it's possible for a system user/administrator to specify which permissions may be passed through, while creating a new usergroup/useraccount.
Cause
This issue is caused when creating new relation as system user/administrator (not part of a relation), without any delegationgroups or deletationrules specified. When nothing it configured, there are no permissions to pass through to the new usergroup and/or useraccount. Without permissions, it's won't be able to work with CoCoS.
Solution / Resolution / How To
In order to save the relation, delegationgroups/deletationrules has to be configured for the current user in order to continue. This can be done by following the following steps:
|
1. Click on the "Open user/group 'Administrator'" in the error message or use the navigation in the top right of the CoCoS management to navigate to the account from which the new relation will be created. |
 |
| 2. In the useraccount, navigvate to the tab "Delegation groups" |  |
| 3. Click the [ + ] button in order to create/select a new group |  |
| 4. Use field "Delegation" to search for any existing delegationgroups or click the [ + ] button in order to create a new delegationgroup. |
|
| 5. Insert a name/description for the new delegationgroup and click button [ Save ] to save it/create it. |  |
| 6. When saved, click the [ + ] button in the list with delegationrules to create new rules. This will become the permissions that will be granted onto to the new usergroup and/or useraccount. |  |
| 7. For each delegationrule, select which library/collection the rule applies to, which actions (Create, Read, Update, Delete) are allowed and optionally, which data can be accessed and for which specific user, the rule applies to. In the example, we'll allow everything for everyone. Because CoCoS is used for various applications, there are no "default rules". On a new system, policyRules has to be configured manually at least once in order to specify which permissions may be passed trough onto new users. For inspiration, see the example table at the end of this page. |
|
|
8. When all desired policyrules are created, click the [ Save and close ] button in order to close the delegationgroup. |
 |
| 9. And click the [ Save and close ] button once again in the pane from step 4. |
|
| 10. In the pane from step 3, it's now visible delegationgroup "Delegation for relations" will be used for the current user in order to pass through permissions while creating a new relation. |
|
| 11. Try creating/saving the new relation once again. When the steps above are executed correcly, this should now work. |
|
Example configuration
Example delegation, used for systems with relations, intercom and dialplans:
Please note! The table below is just an example. Depending on the project/client/application of the CoCoS systenm other permissions can be desireable. Always make sure the correct permissions are configured.
Optionally, login with the created useraccount or usergroup after creating the relation in order to verify the correct permissions are granted.
| 1. Library/collection | 2. CRUD | 3. Van wie | 4. Gegevens   | 5. Voor wie | |
| intercom/callHistory | Read | - Gebruiker zelf - Onderliggende relaties |
- | Van toepassing op alle groepen/gebruikers |
Â
 |
| system/schedules | Read | - Gebruiker zelf - Onderliggende relaties |
- | Van toepassing op alle groepen/gebruikers |
Â
 |
| system/userMenus | Read | - Gebruiker zelf - Onderliggende relaties |
- | Van toepassing op alle groepen/gebruikers |
Â
 |
| mastertables/* | Read | - Alle gegevens | - | Van toepassing op alle groepen/gebruikers |
Â
 |
| system/userRoles | Read | - Alle gegevens | - | Van toepassing op alle groepen/gebruikers |
Â
 |
| intercom/configurations | Read + Update | - Gebruiker zelf - Onderliggende relaties |
- | Van toepassing op alle groepen/gebruikers |
|
| system/devices | Read + Update | - Gebruiker zelf - Onderliggende relaties |
- | Van toepassing op alle groepen/gebruikers |
Â
 |
| languges/* | Read + Update + Delete | - Gebruiker zelf - Onderliggende relaties |
- | Van toepassing op alle groepen/gebruikers |
|
| media/files | Create + Read + Update | - Gebruiker zelf - Onderliggende relaties |
- | Van toepassing op alle groepen/gebruikers |
|
| intercom/callRoutings | Create + Read + Update + Delete | - Gebruiker zelf - Onderliggende relaties |
- | Van toepassing op alle groepen/gebruikers |
|
| intercom/dialplans | Create + Read + Update + Delete | - Gebruiker zelf - Onderliggende relaties |
- | Van toepassing op alle groepen/gebruikers |
|
| relationships/* | Create + Read + Update + Delete | - Gebruiker zelf - Onderliggende relaties |
- | Van toepassing op alle groepen/gebruikers |
|
| system/notes | Create + Read + Update + Delete | - Gebruiker zelf - Onderliggende relaties |
- | Van toepassing op alle groepen/gebruikers |
Â
 |
| system/users | Create + Read + Update + Delete | - Gebruiker zelf - Onderliggende relaties |
- | Van toepassing op alle groepen/gebruikers |
|
| system/userSettings | Create + Read + Update + Delete | - Gebruiker zelf - Onderliggende relaties |
- | Van toepassing op alle groepen/gebruikers |
Â
 |
| topology/* | Create + Read + Update + Delete | - Gebruiker zelf - Onderliggende relaties |
- | Van toepassing op alle groepen/gebruikers |
Â
 |
References
- https://manuals.concera.com/books/cocos-search-and-find-0FX/page/hoofdrelatieeigenaar-instellenaanmaken-voor-een-cocos-client-met-searchandfind
- https://manuals.concera.com/books/cocos-for-developers/page/aanmaken-relatie-gaat-fout-omdat-bovenliggende-relatie-niet-beschikt-over-de-juiste-regelsgroepen-om-door-te-geven
No comments to display
No comments to display