Use COE Security Diagnostics

  • Release version: Australia
  • Updated March 12, 2026
  • 2 minutes to read

    • Enable HR administrators to determine how the COE (HR Centers of Excellence) security policies are evaluated for HR agents.

    Before you begin

    Role required: sn_hr_core.admin
    Note:
    COE security diagnostics:
    • should not be used to find the overall access of a case for a given HR agent. It should only be used for analyzing how COE security policies are evaluated.
    • does not cover all access scenarios and may differ from actual access results. For example, Opened for, Opened by, Watch List, and Collaborators get access to an HR case irrespective of its security policies. Use Access Analyzer for complete access analysis and accurate results.
    • For Frequently Asked Questions (FAQs), see KB article.

    Procedure

    1. Navigate to All > HR Administration > COE Security Diagnostics.
      Field Description
      HR case Option to select an HR case for which you want to analyze the COE security policies.
      Note:
      The HR admin who is using COE Security Diagnostics must have access to HR cases that are being evaluated.
      User Option to select the HR agent for whom you want to analyze the COE security policies.
      Operation Option to check the type of access the HR agent has on the given HR case.
      • Read
      • Write
    2. Select Diagnose to view the evaluation results.
      • Can read/Cannot read/Can Write/Cannot write: Message indicating the reason why the HR agent does or does not have to access to the HR case.
      • COE Security Policies: List of evaluated policies.
        • Policies are evaluated only if case COE matches the policy COE or case COE is a child of policy COE and Applies to all child COEs is enabled on that policy.
        • Write policies are evaluated for read access.
        • Evaluation stops once the matching policy passed the requirements.
        Table 1. Details on COE Security Policies
        Field Description
        Policy name Displays the policy name.
        HR Service match Indicates whether the case is matching the HR service configured in the COE security policy.
        Note:
        If Applied to all services is checked on the policy, the policy matches all HR cases of the COE.
        Condition match Indicates whether the condition defined in the COE security policy matches with the HR case.
        Note:
        If condition is set to empty on this policy, then it matches all the HR cases.
        Group match Indicates whether the HR agent matches any of the groups.
        Matched group Indicates the name of first group matched for the HR agent.
        Result
        • Skipped: Indicates that the HR case does not match either HR service or Condition.
        • Failed: Indicates that the HR case matches both HR service and Condition of the policy, but user is not member of any user group.
        • Passed: Indicates that the HR case matches HR service, and condition, and user matches one of the groups.