Solved

HR Lobby Element - granting access without using org/position access

  • 10 December 2019
  • 9 replies
  • 407 views

Userlevel 2
Badge +3

I’ve created a lobby element which shows upcoming leave for senior management - this is for use by our Project Management department.

 

As Senior Managers are across various org units, I’ve had to grant Project Managers access to departments via Graphical Org Structure and to relevant Positions via Position Access Setup.

This means, they can see senior managers’ time registration/absences.

Is there a way to grant access just to the lobby data source, without having to touch HR org/position access? i.e. so they are only able to see these absences via the lobby element?

icon

Best answer by SimonSundberg 18 December 2019, 16:45

View original

9 replies

Userlevel 7
Badge +14

You can navigate to the lobby data source from the Lobby Data Source Navigator screen and use

the link of the presentation object under information pane. See below screenshot: 

 

 

Once clicked, the presentation object will be opened under Presentation Object Grants window. 

You can grant this object to a permission set along with the required database object permissions.

(The database objects can be checked by right clicking and selecting the option Show Database Objects)

 

 

 

Userlevel 1
Badge +3

KasunB Is this getting you pass to the HR access rules settings via Org Units and Positions?

Userlevel 2
Badge +3

Thanks for your reply KasunB - I had tried this, but it grants access to the lobby element, but visible employee absences are still limited via HR restrictions - i.e. require Org Unit  & Position Access to be updated. (Same question as Christer above).

Perhaps there isn’t a way around this, the only downside is it requires ongoing maintenance as Org Unit access is by individual employee rather than position/I’d rather not open up time reg/absence of all employees, just to be able to view this lobby element.

Userlevel 1
Badge +3

I don’t think there are a way around that. or should there? To me it would be a hole in the established HR security. As always security bites you in the back sometimes.

Userlevel 2
Badge +3

There doesn’t appear to be. My only issue with the HR settings, is it actually gives them more visibility than I want - i.e. I only want them to see these employees in the lobby element, but granting org/position access then makes those employees visible in any HR screen they have access to.

Badge +1

We were having the same issue, people needed access to certain information in the HR-module, adding HR-access gave way too much information as they just needed a specific thing.

 

We solved it by creating an IAL - “Information Access Layer” that only gathered the information that was necessary and gave access to that IAL to the users who needed it. We then created a Lobby element using that data.  The IAL runs every 10 minutes so it’s not realtime data but it’s enough for us.

 

It’s a pretty roundabout way to get it working but we would rather have it that way then give too much access to the HR-module.  Just make sure that the permission for the IAL is only granted to the right personel if it’s sensitive information.

Userlevel 2
Badge +3

Thanks @SimonSundberg  - that’s good to know using IAL is an option to get around the HR access.

Userlevel 1
Badge +3

The other way I see to “solve” this is via persmission set. Create permission sets that reflects the need of forms to visible for the enduser.

Userlevel 1
Badge +6

Hi @SimonSundberg I have read your reply with great interest, we have tried ourselves to make an IAL, but we cannot get it to work correctly - would it be possible for you to inform me what your IAL looks like, pls. Best regards, Marianne

Reply