Restricting access to HR cases assigned to certain groups within HR Agent Workspace.

dylnlopez · ‎12-15-2023

I need to give users within the HR Payroll L1, L2, and L3 groups access to the HR Agent Workspace, but to only be able to view payroll cases assigned to one of those three groups.

The issue I am having is once I give a user the required roles to view the HR Agent Workspace, they then have access to view all HR cases.

Sandeep Rajput · ‎12-16-2023

@dylnlopez There are multiple ways to address this issue.

1. Create COE ACLs: COE ACLs can be defined at a COE level or HR Services level, groups can be defined on the COE ACL form who will have access to the specific COE records. For more information please refer to https://docs.servicenow.com/bundle/vancouver-employee-service-management/page/product/human-resource...

2. ACLs on the HR Case tables: You can define different ACLs on different HR Case tables and grant read access to user belonging to specific group for Payroll case table. You can define ACLs on other HR case tables too and users belonging to L1, L2 and L3 groups shouldn't have access to it.

3. Query business rule: Apart from ACLs, read access on records can also be controlled via Query business rules. Create a query business rule and check if the logged in user is part of L1,L2 and L3 group then only records related to Payroll table should be shown.

Hope this helps.