HR cases, tasks should not be visible in the backend for users with admin role.

Sanket Pawar
Tera Contributor

‎05-14-2023 09:16 PM

Hi All,

I have a requirement where ,HR cases, tasks should not be visible in the backend for users with admin role (IT Admin) if they are impersonating someone.

 

For ex. If i have a admin role and if i impersonate any user who is having acccess to HR cases, then the HR cases should not be visible to me.

 

How can I achive this? any guidance will be helpful.

0 Helpfuls
  • 864 Views
4 REPLIES 4

Community Alums
Not applicable

‎05-14-2023 09:22 PM

Hi @Sanket Pawar ,

 What you have asked for comes OOTB already!!

HR is a scoped Application, so without having proper HR Specific roles nobody can access HR tasks, Cases, etc.

Even if someone has Admin role cannot make any changes in HR scope, they would require HR Admin role.

 

0 Helpfuls

Sanket Pawar
Tera Contributor
In response to Community Alums

‎05-14-2023 09:26 PM

Hi Sandeep ,

You are right but the reqiurement is, if you impersonate some user who has the specific roles to HR , the you should not be able to see the HR cases through impersonation, so how can we control the impersonation based on the admin role?

 

0 Helpfuls

Community Alums
Not applicable
In response to Sanket Pawar

‎05-14-2023 09:31 PM

Hi @Sanket Pawar ,

You can prevent a user from accessing HR information by impersonating a user that has HR access by using the If true, ACLs check if the user is being impersonated. property.

  • Navigate to HR Administration > Properties.
  • Scroll to If true, ACLs check if the user is being impersonated.
  • Check Yes (true) to enable ACLs to check when a user is impersonating another user and prevent the user from viewing HR information.
  • Even if the logged in user has HR access and impersonates another HR user with the same access, HR information is not visible.
    Note: This property was introduced for the HR Service Delivery scoped application and not applicable to the HR Services Delivery Non-scoped application.

 

0 Helpfuls

Community Alums
Not applicable
In response to Community Alums

‎05-14-2023 09:33 PM

@Sanket Pawar ,

SandeepDutta_0-1684125192012.png

 

Also, You can try to opt for your own ACL, 

I am not sure this will work you can see whether user is impersonating and if he has same role can try putting answer = false;

example

can check 2 condition, User impersonating and has role to view records hence dont give access some thing like this

if (gs.getSession().isInteractive() && (new sn_hr_core.hr_CoreUtils().impersonateCheck()) && gs.hasRole('rolename'))
    answer = false; // User Impersonating but has role still return false

 

0 Helpfuls