UFN_SECURITY_APPUSER_GRANTED_CONSTITIDS_FORSMARTQUERY

Returns a table of ConstituentIDs for which the user has been granted the smart query according to the role security groups.
Return

Return Type
table
Parameters

Parameter	Parameter Type	Mode	Description
@APPUSERID	uniqueidentifier	IN
@SMARTQUERYID	uniqueidentifier	IN
Definition

Copy


            CREATE function dbo.UFN_SECURITY_APPUSER_GRANTED_CONSTITIDS_FORSMARTQUERY
            (
                @APPUSERID uniqueidentifier,
                @SMARTQUERYID uniqueidentifier
            )
            returns TABLE as

            /*
            Returns a row for every constituent that the the user has rights to according to record access security.


            This function is optimized for use from within a smart query.
            which respects the constituent security policy that has been configured.

            As such, it assumes that a check for DENY occurs outside this function
            and also assumes that a check for if the user is ISSYSADMIN occurs outside 
            this function.  

            It also assumes a check for UFN_SECURITY_APPUSER_GRANTED_SMARTQUERY_IN_NONRACROLE 
            occurs outside this function. If that function returns true there is no need to join to this TVF.

            */

            RETURN

            (                    
            select 
                CSAA.CONSTITUENTID AS ID 
            from 
                dbo.CONSTIT_SECURITY_ATTRIBUTE_ASSIGNMENT as CSAA
            WHERE
                CSAA.CONSTIT_SECURITY_ATTRIBUTEID IN 
                        (
                            select 
                                SYSTEMROLEAPPUSERCONSTITUENTSECURITY.CONSTITUENTSECURITYATTRIBUTEID
                            from 
                                dbo.V_SECURITY_SYSTEMROLEASSIGNMENT_USER_SMARTQUERY as SV
                                inner join dbo.SYSTEMROLEAPPUSER on SYSTEMROLEAPPUSER.SYSTEMROLEID = SV.SYSTEMROLEID
                                inner join dbo.SYSTEMROLEAPPUSERCONSTITUENTSECURITY on SYSTEMROLEAPPUSERCONSTITUENTSECURITY.SYSTEMROLEAPPUSERID = SYSTEMROLEAPPUSER.ID
                            WHERE
                                SV.APPUSERID=@APPUSERID AND
                                SYSTEMROLEAPPUSER.CONSTITUENTSECURITYMODECODE = 2 and
                                SV.SMARTQUERYCATALOGID=@SMARTQUERYID and
                                SV.GRANTORDENY=1                                
                            )
            UNION ALL

            --Constits with no security attributes if the user in a role with security mode = 1

            select 
                ID 
            from 
                dbo.CONSTITUENT
            WHERE EXISTS
                (
                    select 
                        1
                    from 
                        dbo.V_SECURITY_SYSTEMROLEASSIGNMENT_USER_SMARTQUERY as SV
                    WHERE
                        SV.APPUSERID=@APPUSERID AND 
                        SV.SMARTQUERYCATALOGID=@SMARTQUERYID AND 
                        SV.GRANTORDENY=1 AND 
                        SV.RECORDSECURITYMODE=1                
                )                
                AND                
                ID NOT IN
                (
                    select 
                        CONSTIT_SECURITY_ATTRIBUTE_ASSIGNMENT .CONSTITUENTID 
                    from 
                        dbo.CONSTIT_SECURITY_ATTRIBUTE_ASSIGNMENT 
                )
            )