How to restrict HR Tasks if the parent HR Case is already restricted by CEO Security Configuration
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-08-2023 12:29 AM
Hello.
We have very strange case and looks like OOTB ACL's for "sn_hr_core_task" do not work as they should.
The case is:
It should work as this:
User working with "HR Agent Workspace > opening Lists > HR Tasks > All" is not able to enter any Task (HRT* record) for which parent (HRC* record) is already restricted via COE Security Configuration.
Example from TEST:
Unfortunately it's not working:
User is not able to enter HRC (case) because security prevent it - this is OK but he IS ABLE to enter corresponding TASK which is KO (wrong)
Ex: he is NOT able to enter HRC0001356 (OK) BUT he is ABLE to enter task HRT0001925 and see everything what is WRONG (KO)
System is OOTB - no customisation here:
We were trying to modify those ACL's based on group's and CEO - no success.
COE: sn_hr_core_case_benefits
COE: sn_hr_core_case_global_mobility
COE: sn_hr_core_case_operations
COE: sn_hr_core_case_payroll
COE: sn_hr_core_case_talent_management
COE: sn_hr_core_case_total_rewards
COE: sn_hr_core_case_workforce_admin
Any one got similar issues? How to restricts TASKS if the CASE's are already restricted vie COE Security Configuration:)
Please advise 🙂

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-09-2023 02:57 AM - edited 12-09-2023 02:58 AM
@Don Dom Usually the access to the HR Tasks are not governed via COE ACLs defined on the HR Case, it is due to the fact that HR Tasks can be assigned to individuals who may not have access to the parent HR Case (a task assigned to a person working with IT Infra team or a person from the facility team).
If you wish to keep the access of the HR Tasks only to the people having access to parent HR case then you need to identify the ACLs on HR Tasks which are granting the read access to other users who do not have access to parent case and in the script field of those ACLs you can check the following.
if(current.parent.canRead()){
answer=true;
}
else{
answer=false;
}
Hope this helps.