Access rights in HRSD

Tomas Westin
Tera Contributor

We are working with the access right structure for Case Mgmt in HRSD.

As I understand it, out of the box all HR Professionals (users with the sn_hr_core.basic role) can read and write all cases.

Is that correct?
Do you have examples on other types of access models being implemented? Like access by Center of Excellence or Assignment groups?

//Tomas

6 REPLIES 6

Rob Sestito
Mega Sage

Hello Tomas,

Yes that is correct - users with the HR basic will have read/write access to HR Cases. When it comes to things like Employee Relations Cases, you might typically want tighter access around those. So you would need to build out additional ACLs around their Cases/Services.

For example, we have an HR Call Center (Employee Resource Center (ERC)), that handle most of our Cases. When they create Employee Relation Cases themselves, they will have access to them up until the Ready State. But while in Draft (since that state is considered when the initial work/info is being entered), they have access to that type of Case.

Here is an example of one of my Read ACLs for Employee Relation Cases: (having the impersonate check is important and handy too)

find_real_file.png

Hope this helps - let us know if you have additional questions, etc.

Cheers,

-Rob

 

*If I have answered your question please click 'Correct'

*If I have given helpful information, please click 'Helpful'

Thanks! Did you also create specific roles for Employee Relations table?

 

//Tomas

Hey Tomas,

Yes we sure did! Probably more than normal as we are using 3 levels when it comes to our Employee Relations team. They have several reps that handle different things. So there is a lot of roles based on their level as well.

I also have additional roles for these groups as I created 3 related tables to have a relationship with the employee relations COE. These additional tables house things like interviews specific to their own cases, evidence, and union grievances. While we let these three tabs (related tables) be shown to any ER Case, each record can only reference the Case it was added to. That way everyone isn't seeing everyone else's records.

Quick example:

find_real_file.png

Level 1 can see ALL ER Cases, Level 2 can only see their level and level 3, and then of course, level 3 can only see theirs. BUT... If anyone in the lower levels needs to help out a higher level case, they are added as a collaborator and can only see the higher level case they are a collaborator for. So there was some additional work there for security

Hope this helps - please let us know if you need anything more 🙂

Cheers,

-Rob

manasamaniac
Mega Expert

Hi Tomas,

 

We created COE level ACL i.e. Read ACL . Kindly find below ACL :

find_real_file.png

 

PFA for ACL script .

 

There is another Table named HR access Mapping Table wherein depending on topic category and topic detail specific roles are assigned to Assignment group.

find_real_file.png

 

Thanks

Manasa