Solved

To restric Data acces for Request

  • 25 March 2021
  • 8 replies
  • 181 views
athobie
Rank
Userlevel 4
Badge +11

HI,

I would like to restrict the data access in the Request Screen according to the organization of the service provider.

The access group is used to separate activities : 1 access group for telecom activities, 1 other for Electric activities.

But for one access group (BU telecom for example), the service provider want that a user based on West (this user works for customer based on West) will not see Requests’data for customer based on East. 

What settings could we use to prevent a West User to see Request data for East ?

Could we use Posting group to do that ? 

Is it possible in UI designer to define a screen with Data Restriction based on the user who is connected ? that is to say : FSM know that the user connected on West (posting group or person physical_svc_grp, ….)

Thanks for your contributions

Regards

icon

Best answer by Sven Paul 26 March 2021, 11:56

View original
This topic has been closed for comments

8 replies

AdrianEgley
Rank
Userlevel 5
Badge +14

Hi @athobie,

 

It might be the long way around to get to what you need, but I’d perhaps look at roles and then duplicating the screens. 

Have a role for East and West. Then have dedicated Request Screens for the roles. If you are storing the Value East and West in a field on the request table, that can be used as a primary table constraint to prevent users seeing requests they don’t need to see.

 

Again that's probably the long way round doing it. It also means doubling up any UI changes as you have more screens to manage in the future. But at least its an option.

 

Regards

Ady

athobie
Rank
Userlevel 4
Badge +11

Hi @AdrianEgley 

Thanks you for your help. 
Yes it’s a long way...but it ‘a way that we have probably for 80% of projects and I voluntarily simplified the business case. Probaly, the most current case is to replicate the hierachy of the organization in the data rights access when a user will connect to the application.

Many customers or propsects want to separate data because as service providers for multiples activities (telecom, electricity, etc...) and for many customers/contracts they often have users dedicated to one of them. Thus, they clearly want that rights for a user dedicated to a territory (first level  = reflects of the organization) or customers or  contracts (or a combination of 3 organization/customer/contract)  must not see Request’s data that does not belong to him. 
I don’t ask about Filter data by saved search, but really data access rights when I open the request screen or contract screen or quote screen.
For example, if we have an Field Manager or Contract Manager in New York, he must not see data for California.

If the way could be duplicate role and screen...it’s a hard work to create and maintain this configuration, because we have to do this for 40 areas or more...
I thought that there was a more simple way to separate data (not filter) according to the organization of the company that often have 3 or 4 operational levels :
National (France/GB)
Regional (East/West.North/South)
SubRegion 1 : TeamA, TeamB, TeamC, TeamD 
SubRegion 2 : TeamE
The customer/contract/request for the TeamD should not displayed for the for a user of TeamE.

The access group or posting group could be a way, but if I’m not mistaken we couldn’t establish a hierachy and relationship with access group or posting group.

I thought that we could have by settings this node hierachy (geographical or by activities) to restrict data access and the relationship to the nodes that reflects the organization of the company.

No customer who has deployed FSM has requested this requirement?
 

 
thanks for your help

Regards

Lee Pinchbeck
Rank
Userlevel 7
Badge +24

Hi @athobie,

Are you able to use the filter on the UI Designer screen for this? At the top left of the screen you should see a funnel image. Clicking this will bring up a screen that allows you to add filters based off of particular settings.

You should be able to set something like request access group = user access group and this would then only show data that fits that filter.

Might be worth giving a go to see if it suits your needs.

Kind regards,

Lee Pinchbeck

Currently reading: The Way of Kings - Brandon Sanderson
S
Rank
Userlevel 3
Badge +6

Hi @athobie ,

yes, other customers has the requirement as well.

They are different ways of solving this.

The easiest way would be to create access groups for every line on your picture.

Then create roles for every Access Group and connect the required roles to the person. By this way you can create a hierarchy for the permissions / data access. 

In addition to this you need to use the business rule 67 to connect the access group from the place or person with the request and business rule 70 for the task.

Btw.

This logice can also be used for the usageof  different business rules / values for different teams / regions.

Best regards,

Sven

AdrianEgley
Rank
Userlevel 5
Badge +14

@athobie,

Your diagram does lend itself to @Sven Paul way of thinking.

Didn’t realise it would be that complex in needing up 40 levels, so my suggestion can be binned. Managing that many screen would be a nightmare.

Ady

 

athobie
Rank
Userlevel 4
Badge +11

Hi,

Thanks all for your help  :)

Regards

S
Rank
Userlevel 3
Badge +6

@athobie 

What pops also up in my mind. You can use the physical service groups to limit the access. So a combination of Service Groups and Access Groups might be usefull for your requirement.

 

athobie
Rank
Userlevel 4
Badge +11

@Sven Paul  Ok many thanks, we will try this way also.

Terms & ConditionsCookie settings