WebPortal: Employee which can be edited by the current employee

Hello,

I have the following setup to only allow users to edit employees that are IsExternal=1. Here is my SQL on it...

"uid_person in ( select uid_person from QER_VEditEmployee where uid_personhead = '%useruid%')
and ((IsExternal = 1) or (IdentityType = 'Service'))
Or
uid_person in ( select uid_person from person where ccc_deputymanager = '%useruid%' )
and ((IsExternal = 1) or (IdentityType = 'Service'))"

This does not restrict employees who are sponsors for IsExternal=0 if they look them up on the white pages. When someone looks up someone they sponsor on the white pages, they can navigate to Master Data and edit the employee. Is this supposed to restrict the ability of employees who go into the web portal to edit the Person record? Persons that are IsExternal=0 are loaded from HR and should only be managed by the sync from HR data.

I hope someone can help. 

Thank you,

Lu