We're reclaiming inactive PDIs to keep them available for active builders. Learn what's changing, who's affected, and how to protect your work. Read More

according to this what developement and configuration we need to do tell in details

sutarkastur
Kilo Contributor

according to this what developement and configuration we need to do tell in details

1 REPLY 1

Vikram Reddy
Tera Guru

Hello @sutarkastur,

 

The real build here is the Application Administration feature for scoped apps, not a pile of custom ACLs from scratch. HRSD and GRC both ship as scoped applications, so enabling Application Administration on each scope gives a role admin-like rights inside that one scope, which is exactly the "no platform admin" requirement your BRD is describing.

  • Create x_kotak_hrsd_admin and x_kotak_grc_admin as records on sys_user_role
  • Turn on Application Administration for the HR Service Delivery scope and the GRC scope, and set each role as that scope's admin
  • Backfill with targeted sys_security_acl rules for anything outside the scope model, Flow Designer, scheduled jobs, system logs, since those stay admin-gated by default even with scoped admin on
  • Validate every privilege tier with impersonation, not the role simulator, since scoped admin behaves differently at runtime

 

Thank you,
Vikram Karety
Octigo Solutions INC