Is there any way to limit access to 1C full-text search engines for some roles? Let’s see what can be done here.
Full-text search indexes all given strings and texts, compiling a dictionary - complete list of all words encountered along with the links to infobase objects containing those words. When a user runs the search the engine goes to the dictionary, finds all the words mentioned and outputs the list of documents containing all or some of the words.
What if we (for security or usability reasons) don’t want some users to find some objects using the full-text search?
The obvious full-scale solution is to implement RLS conditions for the objects we need to hide. This restriction will work anywhere (not only in full-text search) and the users will still be able to use full-text search and find the objects they are supposed to see, which is good. What is not so good is that it can be a really time-consuming task.
Simple (and not that obvious) solution
There is a simple solution achievable in no time (with limited functionality, though). We can redefine the default search form and handle its OnOpen event. This property can be found in the root of the Configuration tree:
Let’s say we need to allow full-text search only for users included in “Manager” role. In the “OnOpen” event handler of the UserDefinedSearchForm we need to write something like this:
If Not IsInRole("Manager") Then Message("You don’t have enough privileges to use full-text search feature"); Cancel = True; Return; EndIf; |
Using this solution we entirely blocked access to the full-text search (which is not necessarily a good thing) but it took us for a few minutes instead of hours (in the RLS case).