group members should see only those cases assigned to the group they are added

FURQUAN5 · a month ago

We have one group named as learning and the role added in this group is sn_hr_core.basic. if we add any member to the group then those member are able to see all the hr cases. how to restrict the members of the group to see only learning group cases.

Note : I have tried COE security policy . Didn't worked.

I have tried creating HR criteria as well. Didn't worked.

David Aldridge · a month ago

Hi @FURQUAN5 , the exact answer to your query will depend on how you have set up your CoEs and security policies. CoE security will grant access, then exclude by default. So if you want to restrict access for the people in the "Learning" group from non-learning cases, then you need an access rule on the CoE to separately grant access to HR Agents who are not in the "Learning" group. That is, have another group that contains people not in the Learning group and grant that group access, then have a second rule granting access to Learning cases for the learning group and any others who need to access these. Hope this makes sense 🙂

Wessel van Enk · 4 weeks ago

Hi @FURQUAN5 ,

A COE Sec Policy will only allow the groups mentioned in the policy to access those specific cases, but it does not work the other way around. The best way is to create an ACL and add a query to find the learning group cases (based on HR Service or COE or something) and they only allow this group to access these cases.