ACL for HR Case

Jon23 · ‎04-30-2015

We are currently implementing HR Service Management and have a requirement where an assignment group can restrict case access to their assignment group only.

I have achieved this by adding a new field on the form 'Restrict Case Access' and a new read ACL rule:

Everything appears to work as expected, however, my question is, should I be using 'hr_Factory.getSecurityManager(current, gs).canRead()' as many of the other HR ACL rules appear to be using - after reading the wiki I am confused on how to work with these custom wrappers.

Am i creating issue for myself by not using the wrappers?

hbahl_vpt · ‎07-13-2015

I would suggest just included the factory condition will all condition you will write in Script block using AND operator. and make sure the groups have required HR table read role.

Regards

Harsh Bahl

Jon23 · ‎07-13-2015

Hi Harsh,

Could you provide an example of how this would look.

Thanks.

hbahl_vpt · ‎07-13-2015

Hi Walton ,

For Example:

In hr_case read ACL

The script condition is as follows:

answer = checkUserGroup();

function checkUserGroup() {

var group = returnCurrentUserGroup();

if ( hr_Factory.getSecurityManager(current, gs).canRead() && (group.indexOf("HR Recruiter")>=0 ) && (current.category == 'offboarding') ){

return true;

}

else if ( hr_Factory.getSecurityManager(current, gs).canRead()) {

return true;

}

else {

return false;

}

Here "&& (group.indexOf("HR Recruiter")>=0 ) && (current.category == 'offboarding')" is condition that I wanted to keep. Along with this I added factory condition. This will make sure that access as per factory conditions are also give and that actually make sense. For Example factory condition gives access to case record to a person who opened it.

Does this makes sense to you?

Regards

Harsh Bahl