UFN_SECURITY_APPUSER_GRANTED_BUSINESSPROCESSINSTANCE_IN_SYSTEMROLE
Return
| Return Type |
|---|
| bit |
Parameters
| Parameter | Parameter Type | Mode | Description |
|---|---|---|---|
| @APPUSERID | uniqueidentifier | IN | |
| @PARAMETERSETID | uniqueidentifier | IN |
Definition
Copy
CREATE function dbo.UFN_SECURITY_APPUSER_GRANTED_BUSINESSPROCESSINSTANCE_IN_SYSTEMROLE
(
@APPUSERID uniqueidentifier,
@PARAMETERSETID uniqueidentifier
)
returns bit
as
/*
Returns true if user has been granted and not denied the business process instance for a System Role.
*/
begin
--If at least one grant and no deny then return true
--otherwise, false
declare @grant bit;
set @grant=0;
declare @OWNERID uniqueidentifier;
declare @SECURITYLEVEL tinyint;
declare @BUSINESSPROCESSINSTANCEID uniqueidentifier;
set @grant = dbo.UFN_APPUSER_ISSYSADMIN(@APPUSERID)
if @grant = 0
begin
-- check to see if the user is the ower of the query, or the query has been granted to everyone
set @SECURITYLEVEL = 0;
select @OWNERID = OWNERID, @SECURITYLEVEL = SECURITYLEVEL, @BUSINESSPROCESSINSTANCEID = ID from dbo.BUSINESSPROCESSINSTANCE where BUSINESSPROCESSPARAMETERSETID = @PARAMETERSETID;
if (@OWNERID = @APPUSERID) or (@SECURITYLEVEL = 0)
set @grant = 1;
-- user isn't the owner, and the query has not been granted to everyone; check to see if the user has been
-- granted (and not denied) explicit rights to the business process instance.
if @grant = 0
begin
--order by GRANTORDENY, deny will be first.
select top 1 @grant = GRANTORDENY
from dbo.V_SECURITY_SYSTEMROLEASSIGNMENT_USER_BUSINESSPROCESSINSTANCE
where (APPUSERID = @APPUSERID) and (BUSINESSPROCESSINSTANCEID = @BUSINESSPROCESSINSTANCEID)
order by GRANTORDENY asc;
end;
end;
return @grant;
end