How to Report on COE Visibility

cwillard · ‎08-07-2023

We have some custom business rules and ACLs that are messy and hard to maintain. I am trying to figure out how to set up COE Security to better manage who has back-end access to read/write cases on certain tables (benefits, total rewards, lifecycle, etc). As a first step I would like to try and build a report that shows me who current has access to cases on these tables without having to go rule by rule to identify hundreds of users. Is there a way I can build a single comprehensive report that compiles all users current read/write access?

If anyone has embarked on a similar initiative and has best practices for moving from ACLs to COE policies that would be great too.

Thanks!

Susan Britt · ‎08-08-2023

I am not aware of any way you'd be able to report on this considering you have custom ways of limiting access today (e.g., business rules, ACL).

I would recommend getting new business requirements on COE case security. Just because it's setup a particular way today doesn't mean it should remain that way. See if there are true business cases (e.g., regulatory compliance) that would require cases be secured beyond the OOB way. Be careful with securing cases to ensure you don't wind up with cases sitting unassigned and no one can see them, or cases being reassigned and the new group cannot see them. I've seen too often clients over-securing cases and end up wanting to scale it back.

View solution in original post

Susan Britt · ‎08-08-2023

I am not aware of any way you'd be able to report on this considering you have custom ways of limiting access today (e.g., business rules, ACL).

I would recommend getting new business requirements on COE case security. Just because it's setup a particular way today doesn't mean it should remain that way. See if there are true business cases (e.g., regulatory compliance) that would require cases be secured beyond the OOB way. Be careful with securing cases to ensure you don't wind up with cases sitting unassigned and no one can see them, or cases being reassigned and the new group cannot see them. I've seen too often clients over-securing cases and end up wanting to scale it back.