Employee's manager with no editing rights in the web shop

Hello everyone,

In the web portal, by default, each employee's manager can add, edit and assign a new manager to an employee.

Is it possible for a manager to only view their employees, while only some specific employees can add, edit (all) employees and assign a new manager?

Thanks

Giuseppe

  • Hi,

    The Managers can do this because of the default permissions groups assigned.

    There is more on this here:

    https://support.oneidentity.com/identity-manager/kb/262293/how-to-grant-access-to-edit-or-add-employees-in-it-shop

    This would be the best way to update the portal to allow for what you'd like.

    Trevor

  • Well, after some testing I think I satisfied my requirements:

    1) A manager doesn't have to modify an employee's data: LastName, FirstName, mail address etc. or assign a new manager

    2) A manager doesn't have to add a new employee

    For requirement 1)

    I created a custom application role called HR Specialist with permissions group VI_4_ALLMANAGER.

    For my web application I created the component CCC_Common_ObjectSheet_Person, a copy of VI_Common_ObjectSheet_Person, where container15, containing the tile Master data, must be visible only to an HR Specialist or an admin. For this, the viewing condition is:

    "from object select current isHrSpecialistOrAdmin"

    isHrSpecialistOrAdmin is a Boolean identifier under ComponentInterface1/VirtualTableExtension1, with the following rule:

    Exists(
       "Person",
       SqlAnd(
          SqlCompareUid("UID_Person", GetUser()),
          Format("UID_Person in (select piae.UID_Person from personinaerole piae join AERole aer on aer.UID_AERole = piae.uid_aerole where aer.Ident_AERole = 'HR Specialist')")
       )
    )
    or
    Exists(
       "Person",
       SqlAnd(
          SqlCompareUid("UID_Person", GetUser()),
          Format("UID_Person in (select piae.UID_Person from personinaerole piae join AERoleCollection aec on aec.UID_AERole = piae.uid_aerole where aec.UID_ParentAERole = 'QER-AEROLE-PERSONADMIN-ADMIN')")
       )
    )

    For requirement 2)

    In my web application I created the module CCC_Employee_Overview, a copy of VI_Employee_Overview, where Container4, containing the button Add a new employee, is visible only to an HR Specialist or an admin. The viewing condition is the same query as for isHrSpecialistOrAdmin.

    Regards

    Giuseppe
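
To review who will actually see the Master data tile and the Add a new employee button, the two subqueries from the isHrSpecialistOrAdmin rule above can be run as one read-only audit query. This is an added example, not part of the original post or of One Identity's own code; table and column names are taken from the rule, and it assumes LastName and FirstName are columns of Person and that the query is run directly against the Identity Manager database.

```sql
-- Added example: list every identity for which isHrSpecialistOrAdmin would be true,
-- and which branch of the rule matched. Like the rule itself, this only considers
-- memberships recorded in PersonInAERole.

-- Branch 1: members of the custom application role 'HR Specialist'
SELECT p.UID_Person,
       p.LastName,
       p.FirstName,
       'HR Specialist' AS MatchedBy
FROM   Person p
JOIN   PersonInAERole piae ON piae.UID_Person = p.UID_Person
JOIN   AERole aer          ON aer.UID_AERole  = piae.UID_AERole
WHERE  aer.Ident_AERole = 'HR Specialist'

UNION

-- Branch 2: members of any role below QER-AEROLE-PERSONADMIN-ADMIN
SELECT p.UID_Person,
       p.LastName,
       p.FirstName,
       'QER-AEROLE-PERSONADMIN-ADMIN' AS MatchedBy
FROM   Person p
JOIN   PersonInAERole piae  ON piae.UID_Person = p.UID_Person
JOIN   AERoleCollection aec ON aec.UID_AERole  = piae.UID_AERole
WHERE  aec.UID_ParentAERole = 'QER-AEROLE-PERSONADMIN-ADMIN'

ORDER BY LastName, FirstName, MatchedBy;
```

An identity that appears twice matched both branches; an unexpected name in the result means the role membership, not the viewing condition, needs correcting.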
