Group manager is unable to edit the fields of certain groups he is managing

RC19 · ‎06-08-2022

We have groups with group type human_resources. As per existing ACLs, manager should be having access to all edit all fields but manager is unable to edit the fields of few of his groups and when adding users to the group, he is getting "user is not authorized to perform this activity" error and all other fields are also readonly. Issue is only with certain groups.

FYI, we have recently upgraded to san diego version and in some groups with human_resources group type we see this issue with a certain groups. I have compared all the conditions with other groups but couldn't get the cause, Please help.

Ahmed Drar · ‎06-08-2022

If you want to allow groups managers to have full access to group records they managed, then you might need to create an extra ACL on sys_user_group because OOTB ACL allows only on sys_user_group.*

Please mark my answer as ✅ Correct / Helpful based on the Impact

michaelj_sherid · ‎06-08-2022

Hi @RC THis is typically due to the group having an inherited (HR) role. When a manager does not have the role in the "Assignable by" attribute for the role being inherited, you will see this message. Take a look at the HR Roles that are inherited by the group and check this attribute. Most likely this is the root of your issue. The manager just needs the role detailed in the attribute. This was in place for security reasons so keep this in mind if you decide to change the role specified in the :Assignable by" attribute. Here is an OOtB example using the HR Basic role. Not all roles have the same "Assignable by" attribute.

Regards,

Mike