How to restrict HR Case to particular Tier1 groups

Rekha Tiwari · ‎02-28-2022

Hi All,

I have requirement-

We have Tier1 , Tier2 and Tier3 groups. We need to show HR cases to Tier1 groups only. But also show corresponding HR Cases to Tier 2 or Tier3 groups if HR Case is assigned to these groups.

I have created Read COE Security Configuration for each COE for Tier1 group. Also created Query BR to show HR Cases for corresponding group members but it is not showing to member of that group. Now HR Cases are visible to Tier1 groups only.

Please suggest

Willem · ‎03-01-2022

Hi Rekha Tiwari,

You can use COE Security Policy for this. For each COE you can set up 2 policies:

1 if the assignment group is one of your groups, allowing Tier 1, 2 and 3 Access:

The other allowing Tier 1 always, for example if they are the assigned to (you can do this for each group as well):

Hope this gives you enough inspiration to find a (non-scripted) solution for your requirement! 🙂

View solution in original post

Community Alums · ‎03-01-2022

Hi @Rekha Tiwari ,

Navigate to HR assignment rules, then you will have to setup all the HR Cases types for different COEs to HR Tier 1 group , like below:

HOW?

Open each rule and apply the below changes:

Mark my answer correct & Helpful, if Applicable.

Thanks,

Sandeep

Rekha Tiwari · ‎03-01-2022

Hi @Sandeep Dutta

My requirement is not about assigning the HR cases to any group.

Requirement is- We have three groups- Tier1, Tier2, Tier3

So Tier1 group should see all exist HR cases.

Tier2 & Tier3 should see HR cases which are assigned to their group only.

I tried with ACL still no luck-

if (gs.getUser().isMemberOf("53c321691b8d5850b292eb9bbc4bcbba") ||(gs.getUser().isMemberOf('0634ffe86fbe1600d17b5e02be3ee47e'))) { // Tier1 groups
answer = true;
} else {
answer = false;
}

Logs are coming but visibility is not controlling.

Any suggestions please?

Sagar Agarwal · ‎02-28-2022

Hi @Rekha Tiwari

I'll suggest below solution:

1. Create a system property that stores the comma-separated sys_id's of Tier1 groups.

2. Update your COE security rule to be scripted and check if the user is from either any of the groups in the previously created property of the assignment group. If any of that is true, return true i.e. user would have access to HR case else not.

If my answer helped you in any way, please then mark it as helpful.

Kind regards,

Sagar

Rekha Tiwari · ‎02-28-2022

Hi @Sagar Agarwal

COE Security Configurations can never be scripted.

Willem · ‎03-01-2022

Hi Rekha Tiwari,

You can use COE Security Policy for this. For each COE you can set up 2 policies:

1 if the assignment group is one of your groups, allowing Tier 1, 2 and 3 Access:

The other allowing Tier 1 always, for example if they are the assigned to (you can do this for each group as well):

Hope this gives you enough inspiration to find a (non-scripted) solution for your requirement! 🙂