HR cases, tasks should not be visible in the backend for users with admin role.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-14-2023 09:16 PM
Hi All,
I have a requirement where ,HR cases, tasks should not be visible in the backend for users with admin role (IT Admin) if they are impersonating someone.
For ex. If i have a admin role and if i impersonate any user who is having acccess to HR cases, then the HR cases should not be visible to me.
How can I achive this? any guidance will be helpful.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-14-2023 09:22 PM
Hi @Sanket Pawar ,
What you have asked for comes OOTB already!!
HR is a scoped Application, so without having proper HR Specific roles nobody can access HR tasks, Cases, etc.
Even if someone has Admin role cannot make any changes in HR scope, they would require HR Admin role.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-14-2023 09:26 PM
Hi Sandeep ,
You are right but the reqiurement is, if you impersonate some user who has the specific roles to HR , the you should not be able to see the HR cases through impersonation, so how can we control the impersonation based on the admin role?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-14-2023 09:31 PM
Hi @Sanket Pawar ,
You can prevent a user from accessing HR information by impersonating a user that has HR access by using the If true, ACLs check if the user is being impersonated. property.
- Navigate to HR Administration > Properties.
- Scroll to If true, ACLs check if the user is being impersonated.
- Check Yes (true) to enable ACLs to check when a user is impersonating another user and prevent the user from viewing HR information.
- Even if the logged in user has HR access and impersonates another HR user with the same access, HR information is not visible.
Note: This property was introduced for the HR Service Delivery scoped application and not applicable to the HR Services Delivery Non-scoped application.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-14-2023 09:33 PM
Also, You can try to opt for your own ACL,
I am not sure this will work you can see whether user is impersonating and if he has same role can try putting answer = false;
example
can check 2 condition, User impersonating and has role to view records hence dont give access some thing like this
if (gs.getSession().isInteractive() && (new sn_hr_core.hr_CoreUtils().impersonateCheck()) && gs.hasRole('rolename'))
answer = false; // User Impersonating but has role still return false