Idea ID: 2833301

SMAX: Extend Default Roles when Creating a Person Record

Status : Already Offered
Already Offered
See status update history
8 months ago

We need to extend default permissions of new Portal users.
The "Service Desk Portal User" role is locked and cannot be modified.

Hence, we need to be able to add roles to the template (or however this is done) so that new users will receive this set of permissions upon creation of the person record (just like the "Self-Service Portal User" role).

  • Suggest you do have a person record who has 'Test Role' assigned to it's profile.

    The expression

    ${entity.IsPermitted(null, 'Test Role')}

    will be TRUE. This is verified and working. We use this for e.g. Removing roles.


    However, if you check the presence of a currently non-existing role, the expression does not seem to return false (as expected), otherwise we cannot explain why the action is never fulfilled.

    We do have adapted the rule out of your screenshot (2020-10-16) and it simply does not add the role. 

    In constrast, inverting the rule so that the expression will be TRUE and removing the role as action will work.

  • Hello,

    What do you mean "role is NOT included in the persons record"?

    The string you use in the expression needs to be a valid role name.

    The function works, I used it in many projects. If the rule doesn't return the expected result, please run the workflow debugger to pinpoint the error.

    Please note there is a known issue the business rule will fail to execute if the Primary Domain field on the Person record is set. The fix is available in 2020.08.002.

    Best regards,


  • Tried this out.

    I am the opinion, that the function will not return false in case the role is NOT included in the persons record.

    That means:

    ${entity.IsPermitted(null, 'Test Role') == false}

    will not work - it will never return false.

    The reason is, that the IsPermitted function will not find the role given and propably will return an #NA or #error but not a false.

    true will work as return value indeed.

    Could you verify this? Thanks in advance.

  • Hi Brindusa, 
    thank you for the reply - this was the answer we were looking for and will address our need.

    This idea can be closed.