How do you grant case read access to Group Managers without making them group members?

Kohei Tominaga1
Tera Guru

3 hours ago

In the COE Security Policy, it is possible to grant access permissions at the group level.
Users who belong to the group get the permissions, but group managers do not get any permissions by default.

One idea is to customize the ACL scripts that reference the COE Security Policy so that group managers are also granted access.
However, I would like to know how others are handling this situation.

Here is our specific need:

Group managers should:

  • Monitor operational health using the HR Manager Dashboard
  • Review HR cases when there are issues
  • Follow up with their group members

They need read-only access to HR cases, but they should not be assigned to cases.

If we add group managers to the group as members, cases may be automatically assigned to them by auto-assignment rules.
Because of this, we do not want to add them as group members.

However, due to the current behavior of the COE Security Policy, group managers cannot access the cases at all.

How are you addressing this requirement?
Any best practices or design patterns would be appreciated.

0 Helpfuls
  • 111 Views
2 REPLIES 2

SANDEEP DUTTA
Tera Patron

2 hours ago

Hi @Kohei Tominaga1 ,

Even i faced this issue!!

Firstly, we should have a clear idea that, Access and Assignement are two diffrent things.

What i did was i separated the way for Assignment Group and Group who manages . I created a parallel group with similar Structure as Operational Group which was used for Assignment , just for access purpose.

Added members to this new group and finally assigned this group to COE Security Policy with Read access. And never used this group for any kind of assignment.

 

Thanks,
Sandeep Dutta

Please mark the answer correct & Helpful, if i could help you.

Kohei Tominaga1
Tera Guru
In response to SANDEEP DUTTA

an hour ago

Hi, @SANDEEP DUTTA 
Thank you for sharing your experience!

 

So, you created two groups for each team like below, correct?

HR Payroll for assignment - HR Payroll team member only

HR Payroll for Access - HR Payroll team member & HR payroll manager

HR Benefit for assignment - HR Benefit team member only

HR Benefit for Access - HR Benefit team member & HR payroll manager

etc.

 

It would double the number of groups to manage and increase group member maintenance, but it sounds like an idea that could work.
0 Helpfuls