How can an agent manage HR templates?

miro2
Mega Sage

Hi,

I found out that HR agents must have the sn_hr_le.activity_writer role if they want to access and edit HR templates. I found an ACL in the HR Core scope that says that if a user has the above role and the owning group field is not empty, they are able to edit HR templates.

I'm wondering about is that this role comes from the LE scope, and I don't see a similar role in the HR Core scope.

What do you think? Is it the right way to give HR agents the sn_hr_le.activity_writer role to edit hr templates or should I consider another approach?


ACL

miro2_0-1705667751795.png


canEditTemplate function

 

canEditTemplate: function(template) {
		var roles = new hr_Utils();
		// if a life cycle admin, can edit regardless of owning group
		var isHrAdmin = roles.checkUserHasRole('sn_hr_core.admin');
		if (isHrAdmin)
			return true;
		
		// if not an activity writer, then cannot edit, regardless of owning group
		var isActivityWriter = roles.checkUserHasRole('sn_hr_le.activity_writer');
		if (!isActivityWriter)
			return false;
		
		// has activity writer, but must be in group too
		if (template.owning_group) {
			var grGroups = new GlideRecord('sys_user_grmember');
			grGroups.addQuery('user', gs.getUserID());
			grGroups.addQuery('group', template.getValue('owning_group'));
			grGroups.query();
			var isMemberOf = grGroups.next();
			return isMemberOf;
		} 
		
		return template.isNewRecord();
	},

 

 

 

Manage HR Template module - when users have above role, they can see this module

miro2_1-1705667859868.png

 

2 ACCEPTED SOLUTIONS

Yes, the user need to have this role.

Not necessary to assign this role to that group. if user inherit this particular role from nay other group then users can edit HR Template. You can add this role to Owned By group to allow all users in that group to be able to edit HR templates.

 

 

Please appreciate the efforts of community contributors by marking appropriate response as correct answer and helpful, this may help other community users to follow correct solution in future.
Thanks
Anil Lande

View solution in original post

Hello @miro2 ,

As per OOB configuration users with 'sn_hr_core.admin' can edit HR Templates. I can see two modules on my PDI and that is accessible to 'sn_hr_core.admin'.

 

Screenshot 2024-01-19 at 10.55.53 PM.png

 

As you know Lifecycle Events is separate plugin and not mandatory. However they introduced additional role as part of Lifecycle Event application enabled managing HR Templates for this new role.

So the module under Lifecycle event is accessible to users having role "sn_hr_le.activity_writer" if Lifecycle Event is installed. Otherwise only HR admin (sn_hr_core.admin) can manager HR templates.

 

Please appreciate the efforts of community contributors by marking appropriate response as correct answer and helpful, this may help other community users to follow correct solution in future.
Thanks
Anil Lande

View solution in original post

7 REPLIES 7

Anil Lande
Kilo Patron

Hi,

Having only ' sn_hr_le.activity_writer' is not sufficient to edit HR Templates. Users with role 'sn_hr_le.activity_writer' can only edit templates where user is member of the group which is populated in owned by field on template.

 

Basically, HR Admin is basic role required to create/edit HR Templates. 'sn_hr_le.activity_writer' can edit specific templates associated with their group.

 

Please appreciate the efforts of community contributors by marking appropriate response as correct answer and helpful, this may help other community users to follow correct solution in future.
Thanks
Anil Lande

Hi @Anil Lande 

"Having only ' sn_hr_le.activity_writer' is not sufficient to edit HR Templates. Users with role 'sn_hr_le.activity_writer' can only edit templates where user is member of the group which is populated in owned by field on template."    ---> that's what I'm trying to achieve, maybe I missed that information in my post.

miro2_0-1705674428439.png

miro2_1-1705674489042.png

 

 

I already have a group that will be managing some particular HR templates, and in HR Template will use Owning group field populated with this group.

I want to allow members of that group to manage (edit) those templates only.

 

As far as I understand this role (sn_hr_le.activity_writer) is required to have in Group, if I want to allow agents to edit templates, correct?

Yes, the user need to have this role.

Not necessary to assign this role to that group. if user inherit this particular role from nay other group then users can edit HR Template. You can add this role to Owned By group to allow all users in that group to be able to edit HR templates.

 

 

Please appreciate the efforts of community contributors by marking appropriate response as correct answer and helpful, this may help other community users to follow correct solution in future.
Thanks
Anil Lande

Hi @Anil Lande 
I'm not sure what I mean by "You can add this role to Owned By group to allow all users in that group to be able to edit HR templates." ---> Isn't the same as adding a role to the group I already created, and then members of that group be able to edit templates?