Need To give Access to only specific group for HR Cases when HR Service is "XYZ"

R Akash
Kilo Expert

‎03-31-2022 02:52 AM

Hello Everyone

I have requirement when HR Service is 'XYZ' only specific group(ABC) will be able to access those HR cases even Admin should not able to access. Need help how this can be achieved.

 

 

Thanks

Akash

0 Helpfuls
  • 814 Views
9 REPLIES 9

Markus Nilsson
Tera Guru
Tera Guru
In response to R Akash

‎04-01-2022 12:09 AM

Hi Akash,

 

Just one clarification from my side, installing the HR app - all admins will get the HR admin initially. This is best practice to remove after installing, keeping few selected people with Admin and HR admin. 

So when you saying you want to restrict for Admins, I'm assuming you want to restrict for HR admins since an Admin should not have access to HR scope. 

I always recommend to be a bit restrictive in granting HR Admin role due to the fact that they will have more access. 

In a maintenance perspective I would recommend not to create own solutions that restrict the HR Admin role. Basically I would suggested that you should have a few people in your company with full transparency and access, this is needed in a maintenance perspective. 

You can then use the delegated developer to grant some more permissions within HR scope for users without HR Admin role:

find_real_file.png

find_real_file.png

 

/Markus

Best regards,
Markus Nilsson
+46709389974
Preview file
18 KB
Preview file
37 KB
0 Helpfuls

Vismit Ambre
Giga Guru

‎03-31-2022 03:00 AM

Hi Akash,

 

Is this specific to COE too as well?

 

Regards,

Vismit

0 Helpfuls

R Akash
Kilo Expert

‎03-31-2022 03:12 AM

Yes this is specific to COE.

 

0 Helpfuls

Vismit Ambre
Giga Guru
In response to R Akash

‎03-31-2022 10:27 AM

In that case, as Markus mentioned, please create a COE Security Policy. And to answer your other question of instead of RESTRICTING a GROUP from accessing, you can build a negative query. 

We had a similar requirement where Tier 1 should be able to see only Tier 1 cases, Tier 2 should be able to view Tier 1 and 2 cases and unfortunately COE Security Policy for negative scenarios is a bit tricky to implement and maintain, so instead we went about creating a QUERY BUSINESS RULE and added all our checks in that. Since COE Security Policy isn't at the moment having the ability to have advanced conditions/scripts this is the only way in which we could have done it.

 

Let me know if this helps.

 

Regards,

Vismit

0 Helpfuls

R Akash
Kilo Expert
In response to Vismit Ambre

‎03-31-2022 11:47 PM

Hi Ambre

In my case i need to restrict even admins also to view the cases. What will be the best approach for this ACL or Query business rule. I think its not possible by using coe security policy. its's giving access to groups mentioned in coe security policy and also to admins.

 

 

 

Thanks

Akash

 

 

0 Helpfuls