COE Security Policy to restrict access to cases based on Assignment Group

Yessi · ‎07-02-2024

Hey SN Community!

Is it possible to restrict case access for HR Agents based on their assignment group using a COE Security Policy?

For example: Person A is apart of HR Tier 1. There are currently 4 HR Benefits Cases. One is assigned to HR Tier 1, so Person A should only be able to view that 1 case out of the 4 available.

I've attempted to create a policy for our Benefits table, applicable to all services, and applies when condition - Assignment group is (dynamic) | One of my groups. I've attempted listing all our assignment groups and then again limiting it to a few. Either way all cases are viewable to everyone. Once I remove the Applies when condition, the COE Security Policy works and restricts access to those outside of the listed groups. Is it possible I'm using this Applies when condition incorrectly? Is it limited to certain use? Is anyone able to share examples of COE Security policies they've created?

Test Profile is not part of any of the listed groups but is still able to see Benefits cases.

Appreciate any feedback and tips!

michaelj_sherid · ‎07-19-2024

@Yessi Here is my configuration. I will have to test your use case based on your configuration (images you sent) but here you have to restrict all cases in order to use your second COE policy that states the allow. In my example I am restricting all COEs to only those that are in the assignment groups of the case are able to see.

Blocking all cases

Allowing any case assigned to one of my groups

Regards,

Mike

View solution in original post

michaelj_sherid · ‎07-19-2024

@Yessi Keep us posted. Don't forget to check any Application Restricted Caller Access records that may be related to the COE policies. I do not see a reason why you would have any that are not allowed but always a good thing to check when you are not seeing desired results.

Regards,

Mike

Yessi · ‎07-25-2024

Hey @michaelj_sherid ! Can't thank you enough for your help again! I've been creating COE Security Policies in my PDI to become more familiar with them. I've come across an obstacle with the policies.

I created a policy to block all hr cases within the COE - HR Case (sn_hr_core_case) & applied it to all child COEs
I've then created individual policies for the child COEs to limit access to certain groups or Assignment Group is (dynamic) One of my Groups.
I noticed that I can't see any of the cases under HR Lifecycle Events Case [sn_hr_le_case]. When I attempted to create a policy for that table, I noticed it doesn't appear within the COE list. Is there some way to add it to the list? Or is security handled a different way for that table?

michaelj_sherid · ‎07-25-2024

@Yessi you have to change your scope to Human Resources: Lifecycle Events in order to see the Lifecycle Events COE.

Regards,

Mike

Yessi · ‎07-29-2024

@michaelj_sherid Can't thank you enough for your help Michael!

Yessi · ‎07-19-2024

@michaelj_sherid This absolutely worked!! I was missing the initial COE Security Policy of blocking all cases prior to creating the secondary policy of allowing any case assigned to one of my groups. Information on COE Security Policy is limited so I truly appreciate your help on this! Thank you so much! Have a great week!🤗