4 Replies Latest reply: Oct 22, 2012 3:18 AM by 876110 RSS

    Assigning user roles while creating user

    Jitendra Vishnoi
      Hi All,

      I have given a role filed(<dsp:input bean="ProfileFormHandler.value.roles.role" maxsize="30" size="30" type="text"/> on registration page. After registration every field is populated in db except role(dps_role table).
      Pls let me know what I am doing wrong.

        • 1. Re: Assigning user roles while creating user
          In DPS module, /atg/userprofiling/userProfile.xml we have itemdescriptor role like given below:

          <item-descriptor name="role" >
          <table name="dps_role" type="primary" id-column-name="role_id">
          <property name="type" data-type="enumerated" expert="true" display-name-resource="type" default="role">
          <attribute name="useCodeForValue" value="false"/>
          <option value="role" code="2000" />
          <option value="organizationalRole" code="2001"/>
          <attribute name="propertySortPriority" value="50"/>

          <property name="version" column-name="version" data-type="int" writable="false" expert="true" display-name-resource="version">
          <attribute name="propertySortPriority" value="60"/>
          <property name="name" category-resource="categoryBasics" column-name="name" data-type="string" required="true" display-name-resource="name">
          <attribute name="propertySortPriority" value="10"/>
          <property name="description" category-resource="categoryBasics" column-name="description" data-type="string" display-name-resource="description">
          <attribute name="propertySortPriority" value="20"/>

          I am not able to see property like role there are properties type,version,name,description only. So I think there is no property like role.
          Can you check it again?
          • 2. Re: Assigning user roles while creating user
            Jitendra Vishnoi
            Hi RMishra,

            Thanks for your reply.
            Could you please let me know, how can I set properties of table you mentioned. I tried <dsp:input bean="ProfileFormHandler.value.role.role_id" maxsize="30" size="30"
            type="text"/> and then <dsp:input bean="ProfileFormHandler.value.role.name" maxsize="30" size="30"
            But didn't work.
            • 3. Re: Assigning user roles while creating user
              Nitin Khare
              You should not assign roles to user profile like "ProfileFormHandler.value.roles.role" from <dsp:input>. You can bind <dsp:input> to a formhandler property to which you can pass the name or id of the role which you want to assign but role assignment should always route through the ATG security APIs in order to correctly update the internal security mappings. Because of those dependencies you should not try to set the role by simply calling profile.setPropertyValue("roles", ...) The code may not fail this way but if you do assign the role this way then it may not work as you expect when checking for role based privileges. Here is one possible way of doing it:

              1. In your formhandler properties file declare a dependency on the default user directory which by default points to the profile database:


              So in the form handler you declare corresponding getUserDirectory() and setUserDirectory().

              2. Then in the formhandler, get the DirectoryPrincipal objects associated with the user profile along with the role which you want to assign and then assign the role to the user:
              import atg.userdirectory.UserDirectory;
              import atg.userdirectory.DirectoryPrincipal;
              import atg.userdirectory.User;
              import atg.userdirectory.Role;
              import atg.userdirectory.DirectoryModificationException;
              import java.util.Collection;
              import java.util.Iterator;
              private boolean assignRoleToUser(String roleName, String userId) {
                UserDirectory userDirectory = getUserDirectory();
                DirectoryPrincipal userPrincipal = userDirectory.findUserByPrimaryKey(userId);
                DirectoryPrincipal rolePrincipal = userDirectory.getRoleByPath(roleName);
                User user = (User)userPrincipal;
                Collection collection = userDirectory.getRoles();
                boolean status = false;
                Iterator iter = collection.iterator();
                  Object obj = iter.next();
                  if(obj instanceof Role) {
                    Role role = (Role)obj;
                    if(roleName.equals( role.getName() ) && user!=null) {
                      try {
                        status = user.assignRole(role);    //will return true if the role was added otherwise false
                      catch (DirectoryModificationException e) {
                     //handle exception
                return status;
              In the code above "roleName" parameter is the name of role you want to assign to the profile having the id as "userId". If you want to do the role assignment while creating the user then you can do the above stuff from postCreateUser() so that you can get the Principal associated with the profile. For more details about the interfaces and classes used here you can refer to ATG API documentation.

              • 4. Re: Assigning user roles while creating user

                If the role you are trying to assign is not dynamic or based on business roles, you can set it in securedrepository xml.
                You can refer to SecureRepository topic in ATG Repository Guide. You can set role as soon as user gets created.