On-call access for group member, not just group manager

shill
Mega Sage

From my limited understanding of the On-Call module, the user listed as a manager has the access rights to create and edit their groups On-call rotations. Unfortunately, not all of our groups managers want to manage this and we are looking for a way to delegate this to a member of the group so that they could manage this for only their group and no other group. I originally thought I could create a new group with the rota_manager role, but that does not limit access to their group membership. In essence, we are trying to designate someone other than the group manager to have the same abilities as that manager for rota creation and editing. It appears that the security for On-Call is controlled by the script include OnCallSecurityNG which I get lost when trying to understand it. Has anyone done something similar or could point me in the right direction?

5 REPLIES 5

shill
Mega Sage

OK, I figured out what I needed to do and am posting just in case someone else may be interested.

First, I searched the ACL's for scripts containing new OnCallSecurityNG() to determine what was being controlled by that script include.

After determining through testing what each variation allowed access to, I changed the appropriate ACL's to match the script I needed.

In this case, the ACL script "answer = new OnCallSecurityNG().rotaAccess(current.group);" gives access to members of the OnCall group for that particular operation.


goutmari
Tera Contributor

Dear Shill, your solution is 11 years old, do you have a new one please? I can't get it working for Utah. We are facing the same problem when one person doesn't want to manage the whole group. 

Hi, hopefully you found your solution already, but just in case...  We use On-Call and are on Utah, and to get this to work, we had to grant the rota_manager role to the group, and then delegate it to the group member(s).  If the group itself has rota_manager, only the manager of the group has control, but by delegating to the members of a specific group they get granular permissions to manage the shift for that group only.  If a member needs control over multiple groups, they need to be delegated the role for each group.  Hope that helps.

We were further testing with this with little success until we found that once an on-call schedule is set for a group, the group owner can go into the settings of the on-call schedule and delegate shift manager access to a team member via the shift manager's option. See attached picture. Hope this helps!