COE Security rules not working
12-10-2020 12:11 AM
Hi All,
I am trying to create a COE access control policy to restrict visibility of talent management cases to only a few groups. The issue is that even a user who is not part of the groups defined in the COE ACL rule is able to see those cases.
1. Will the COE ACL override the table ACL and handle the security?
2. Or do we need to deactivate the table-level ACLs if we define COE ACLs?
Any leads would be much appreciated, thanks in advance.
- Labels: Case and Knowledge Management

12-10-2020 12:26 AM
The COEs have their own tables, inherited from the HR Case table. So to answer your questions:
1- Yes, your COE table will override the (parent) table ACL. That is one of the reasons for this design, as it allows you to fine-tune security based on the type of HR request (in your case your "general" HR agents should not see Talent Management cases).
2- You should not deactivate the table level ACL, as it will still provide the generic security for your COEs, if the COEs do not have specific ACLs.
I hope my explanation is clear.
12-10-2020 01:11 AM
Hi Quentin,
Thanks for your response. But in my case the user who is not part of the group is also able to see the talent management cases. Explanation below.
1. COE ACL with Group A, Group B, Group C on talent management case
2. User A - Part of Group A - Able to see the cases - Expected behavior
User B - Not part of any of groups A, B and C, but still can access the cases.
Do you know any reason for the same? Thanks in advance.
-Shambhu
12-14-2020 01:41 AM

12-14-2020 11:22 AM
Can you share your COE Security setup? If you created the "Read" policy on the Talent Management COE for only certain groups, then those are the only ones that should be able to see HR Cases on that COE table. Things to remember with it:
- It will not prevent HR agents outside of those groups from creating new cases on or transferring cases to the table
- It also does not prevent users who should otherwise have access from seeing the HR Case (e.g. Opened For, Approver for case)
- If you only created a "Write" COE Security Policy, all the other groups can still read the HR Cases on the table
If you have confirmed all of those, make sure 1) your COE Security Policy is active and 2) the conditions in the policy match your HR Case and/or "Applies to all services" is checked.