We are trying to give a sub set of users access to the work contact details for all employees in a particular company.
We do not want to grant supervisor access to this subset of users.
There doesn’t appear to be a access attribute which gives access to the correct LU/area.
We are already using protected persons to hide access to personal address details (and give access to a very small number of users - different to those needing work contact details access).
We might be able to use projection grants to limit the access to unnecessary areas of the person/employee file.
Can anyone suggest a suitable method to allow a user access to work contact details without exposing other HR data?
Many thanks
Dave
Page 1 / 1
Hi @WyrDavidB
will granting access to the person page helps your requirement?
@Dharshankumaar Mahendran - thanks but no. I have a permission set which grants access to the PersonHandling, PersonnelFileHandling, PersonnelFilePersonalHandling and PersonnelFilePersonalWorkAddressHandling Projections
My test user can query for any person, but no contact details are returned (there are multiple records for person 10309)
within the employee file screen, all they can see is their own employee record.
my test user has no access to any employees via pos/org structures or employee access groups
if I add an employee access group and grant access employee/person 10309 by employee/person 10486 as below, access on the person screen is unchanged.
in the employee file screen, my test user has access to employee 10309, and has access to company based contact details (address only)
but the main work contact section is empty (again when logged in as IFSAPP there are multiple valid records here)
the access role I am using in this case is TIMMANCON
which has the following attributes assigned
NOTE - some screen shots captured with an enhanced permission set - but the data access is unchanged.
Granting supervisor access with the very limited permission set does allow access (in conjunction with protected persons) to work contact details - but for all employees - and we would like to restrict this by org as a minimum. It is also highly likely that we will run into additional problems with such a minimal permission set.
Hi @WyrDavidB
Since the requirement is to allow access to all employees so they can change all the required details, I think you can grant the users who needs access to other a supervisor access on the top organization level and enable include subordinates with the above access role you created this should allow them to see all the employee if the access role has the correct attributes, Also in the access role you created you might have to re check the ‘Areas of Access’ for the users to see all the other employees
I would also try to recreate this scenario and get back to you on the solution soon.
I think I’ve got it - just checking I’ve met the requirements - I’ll post here the final solution
Hi @WyrDavidB
That’s nice, looking forward to see the final solution from you.
