How to Restrict HR Case Read access for members of a particular HR assignment group?

MU
Kilo Contributor

Hi all,

Is it possible to limit broader HR case read access for users of an assignment group to only the assignment group they belong to? 
 
For example: users currently have the sn_hr_core_case.read role, which allows them to view all HR cases across different COEs. We have created a training group, but we want to limit case read access for these training members to only the cases their group is assigned to across different COEs. But because they have the reader role, we're not sure how to restrict their access to other cases that are not assigned to them.
 
Can this be done? Thanks
 
 
 
 
5 REPLIES

Laura_Diggs
Giga Guru

Try adding a script similar to this to the read ACL:

answer = (!gs.getUser().isMemberOf('HR Training Group')
|| gs.getUser().isMemberOf(current.assignment_group));

MU
Kilo Contributor

var impersonateCheck = new sn_hr_core.hr_CoreUtils().impersonateCheck();
var guest_user = gs.getProperty('sn_hr_core.guest_user');
if (impersonateCheck) {
    answer = false;
} else if ((new hr_Case(current, gs).canReadCase())) {
    if (current.u_confidential_case == false) {
        answer = true;
    } else if (current.u_confidential_case == true && gs.hasRole('sn_hr_core.hr_leader') && gs.getUserID() != guest_user) {
        gs.info('if');
        answer = true;
    } else {
        answer = false;
    }
}

 

Hi Laura,

 

Thank you for your response. Will I add your code to this script? This is the read ACL on the sn_hr_core_case. 

 

Appreciate your help.
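The combined decision asked about above, as an added example that is not part of any poster's reply and not ServiceNow's own code: it models the posted read ACL plus the suggested group check as a plain function so the outcomes can be checked offline. The `facts` fields, the sample group names other than 'HR Training Group', and the fail-closed return when the base check fails (a path the posted script leaves unset) are assumptions.

```javascript
// Added example: the posted read ACL plus the suggested group check, written
// as a pure function so the decision table can be run outside an instance.
// Each field of `facts` stands in for a platform call quoted in the thread:
//   impersonating   <- new sn_hr_core.hr_CoreUtils().impersonateCheck()
//   canReadCase     <- new hr_Case(current, gs).canReadCase()
//   confidential    <- current.u_confidential_case
//   isHrLeader      <- gs.hasRole('sn_hr_core.hr_leader')
//   isGuest         <- gs.getUserID() == gs.getProperty('sn_hr_core.guest_user')
//   userGroups      <- groups for which gs.getUser().isMemberOf(...) is true
//   assignmentGroup <- current.assignment_group
const TRAINING_GROUP = 'HR Training Group'; // group name used in the reply

function canReadHrCase(facts) {
  const groups = new Set(facts.userGroups);
  // Fail closed: impersonation or a failed base check never grants access.
  if (facts.impersonating || !facts.canReadCase) return false;
  // Suggested restriction: training members read only their group's cases.
  if (groups.has(TRAINING_GROUP) && !groups.has(facts.assignmentGroup)) return false;
  // Existing rule: confidential cases need hr_leader and a non-guest user.
  if (!facts.confidential) return true;
  return Boolean(facts.isHrLeader && !facts.isGuest);
}

// Constructed sample users and cases (hypothetical group names).
const base = { impersonating: false, canReadCase: true, confidential: false,
               isHrLeader: false, isGuest: false };
const SAMPLES = {
  traineeOwnCase:     { ...base, userGroups: [TRAINING_GROUP], assignmentGroup: TRAINING_GROUP },
  traineeOtherCase:   { ...base, userGroups: [TRAINING_GROUP], assignmentGroup: 'HR Payroll' },
  readerAnyCase:      { ...base, userGroups: ['HR Payroll'], assignmentGroup: 'HR Benefits' },
  traineeConfOwn:     { ...base, confidential: true, userGroups: [TRAINING_GROUP], assignmentGroup: TRAINING_GROUP },
  leaderConfidential: { ...base, confidential: true, isHrLeader: true, userGroups: ['HR Payroll'], assignmentGroup: 'HR Benefits' },
  impersonated:       { ...base, impersonating: true, userGroups: ['HR Payroll'], assignmentGroup: 'HR Payroll' },
};

// Returns { sampleName: true|false } for every constructed sample.
function evaluateSamples() {
  return Object.fromEntries(
    Object.entries(SAMPLES).map(([name, facts]) => [name, canReadHrCase(facts)]));
}

console.log(evaluateSamples());
```

On an instance, a restriction like this only holds if no other read ACL matching the same table grants the training group access, since passing any one matching rule is enough.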

Susan Britt
Mega Sage

You can utilize the COE Security Configuration for this and avoid manually updating the ACL. Since this group can have cases/services across multiple COEs, you could create the new read and write COE Security on those COE tables and specific HR Services, then add the training group (and any other group that may also need access to their cases).

MU
Kilo Contributor

Hi Sbriti,

 

Thank you for your response. Due to the earlier implementation, this may be too time-consuming. We have a number of HR Services across multiple COEs. Only one of the COEs has the additional security ACL that checks the user's access. Defining read and write security on all the COEs with all the relevant assignment groups will be very hard and time-consuming.