WEB Designer - Employees for whom a request can be placed

Hello everyone!
My question is the topic title. I looked at the following topics:
https://support.oneidentity.com/identity-manager/kb/262293/how-to-grant-access-to-edit-or-add-employees-in-it-shop
https://www.oneidentity.com/community/identity-manager/f/forum/30277/web-designer-employees-for-whom-a-request-can-be-placed
https://www.oneidentity.com/community/identity-manager/f/forum/30985/employees-for-whom-a-request-can-be-placed/75360#75360
https://www.oneidentity.com/community/identity-manager/f/forum/5183/employees-authorized-to-add-and-edit-employees-global-config-parameter
But I could not find the answer I needed in them.

The question is: WEB Designer has a filter that shows who can make requests to whom. ONEIM version 8.1.2. This is what this filter looks like for me:

"uid_person in (SELECT qv.uid_person FROM QER_VEditEmployee qv
join person p on qv.UID_Person = p.UID_Person
where (qv.UID_PersonHead = '%useruid%' AND p.IsInActive = 0 )union
select uid_person from Person where Exists
(SELECT XObjectKey
FROM PersonInOrg
WHERE UID_Org = '**********' AND UID_Person = '%useruid%' AND IsInActive = 0 ))"


If I parsed the syntax correctly, then in the first SELECT it checks whether the user logged into the IT SHOP portal is a Manager 
and if this is true, then he can see his active subordinates

(
SELECT qv.uid_person FROM QER_VEditEmployee qv
join person p on qv.UID_Person = p.UID_Person
where (qv.UID_PersonHead = '%useruid%' AND p.IsInActive = 0)
)
 
Then UNION is added and in the second request, if there is at least one valid value after EXISTS, 
then employees who are in a specific UID_ORG can request access to all employees of the company, except those who have been dismissed.

(
select uid_person from Person where Exists
(SELECT XObjectKey
FROM PersonInOrg
WHERE UID_Org = '**********' AND UID_Person = '%useruid%' AND IsInActive = 0 )
)

I have such a case.
Our company employs employees of contractors.
They work according to NDA with a shelf life of, say, 1 year.
After this period, IDM blocks them and only I can restore them.

I created a role that allows through the IT Shop to request the restoration of an already disabled account and automatically assign DayLastWorked @ Person 
to it according to the date that the manager chooses.

But the problem is, executives don't see disabled employees. So, now that I have described the case in more detail, I will move on to the questions:

1. How to set up the filter in such a way as to add another UNION, but which will not display all UID_Person if EXISTS = TRUE, but will display only inactive employees of a particular department (FullName @ Department) for a query?

2. This request should be in a single request, which I indicated in the case at the very beginning, how to combine them?

3. And the last question, how to add another UNION, which will display the employees of a certain department in the general request, but only active ones, but in order to request access to them, only employees of a specific UID_ORG @ PERSONINORG could?

Thanks for any information!
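
Added example, not part of the original post and not One Identity code: a Python/sqlite3 sketch of the posted filter extended with a third UNION branch, so a manager sees inactive subordinates of one department only while everything else stays as before. The table layouts, UIDs, department names and the `Person.UID_Department` join are constructed assumptions, `%useruid%` is replaced by a bound `:useruid` parameter, and `IsInActive` is qualified with `p.` so it is explicit which table it is read from.

```python
import sqlite3

# Constructed, simplified stand-ins for the tables named in the post;
# the real One Identity Manager schema has many more columns.
SCHEMA = """
CREATE TABLE Department(UID_Department TEXT, FullName TEXT);
CREATE TABLE Person(UID_Person TEXT, UID_Department TEXT, IsInActive INT);
CREATE TABLE PersonInOrg(UID_Org TEXT, UID_Person TEXT);
CREATE TABLE QER_VEditEmployee(UID_Person TEXT, UID_PersonHead TEXT);
INSERT INTO Department VALUES ('d-ext','Contractors'),('d-it','IT');
INSERT INTO Person VALUES ('mgr','d-it',0),('adm','d-it',0),('emp','d-it',0),
  ('con-on','d-ext',0),('con-off','d-ext',1),('it-off','d-it',1);
INSERT INTO PersonInOrg VALUES ('org-helpdesk','adm');
INSERT INTO QER_VEditEmployee VALUES ('con-on','mgr'),('con-off','mgr'),
  ('it-off','mgr');
"""

# Each UNION branch pairs "who is asking" with "whom they may see".
FILTER = """
UID_Person IN (
  -- branch 1 (from the post): active subordinates of the requester
  SELECT qv.UID_Person FROM QER_VEditEmployee qv
  JOIN Person p ON qv.UID_Person = p.UID_Person
  WHERE qv.UID_PersonHead = :useruid AND p.IsInActive = 0
  UNION
  -- branch 2 (from the post): members of one org see all active persons
  SELECT p.UID_Person FROM Person p
  WHERE p.IsInActive = 0 AND EXISTS (
    SELECT 1 FROM PersonInOrg pio
    WHERE pio.UID_Org = :org AND pio.UID_Person = :useruid)
  UNION
  -- branch 3 (added): inactive subordinates, one department only
  SELECT qv.UID_Person FROM QER_VEditEmployee qv
  JOIN Person p ON qv.UID_Person = p.UID_Person
  JOIN Department d ON d.UID_Department = p.UID_Department
  WHERE qv.UID_PersonHead = :useruid AND p.IsInActive = 1
    AND d.FullName = :dept)
"""

def visible_to(useruid, org="org-helpdesk", dept="Contractors"):
    """Return the sorted UID_Person values the filter exposes to useruid."""
    con = sqlite3.connect(":memory:")
    con.executescript(SCHEMA)
    rows = con.execute(
        "SELECT UID_Person FROM Person WHERE " + FILTER + " ORDER BY UID_Person",
        {"useruid": useruid, "org": org, "dept": dept})
    return [r[0] for r in rows]
```

Running `visible_to` for a manager, an org member and an ordinary employee before deploying a changed filter shows exactly which identities each requester gains, including whether any disabled account became visible outside the intended department.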