Security: Access Authorizations for Digital Personnel File
Introduction
In order to cover the whole concept, different aspects have to be considered:
There are different roles in the company:
- Employee: They may only access and modify their own records.
- Supervisor: They may access and modify the business records of their directly subordinate employees. For data protection reasons, they are not permitted to access personal data. However, as supervisors are usually also employees, they may also access their own records. In this case, of course, the personal data is also accessible.
- HR Manager: Thanks to their role, they may access and modify all records.
Due to these different roles and the resulting authorizations, the Digital Personnel File is available out-of-the-box in three views:
- Digital Personnel File: This view displays all business and personal data and information about the employee and can therefore only be accessed by the HR Manager. The HR Manager is defined in the section Personnel Administration Data or in the header of the record.
- Supervisor File: This view displays only the business information that is relevant to the Supervisor and can be accessed by the responsible Supervisor and the HR Manager. The supervisor is defined in the section Business Data.
- Self-Service File: This view displays the information that is relevant to the employee and can only be viewed by the employee and the HR manager. The employee can modify his or her own data, such as address, bank details, or emergency contacts.
Everything is fully regulated out-of-the-box:
- The HR manager can access all records.
- Supervisors can access both their own Self-Service File as well as the Superior Files of their directly subordinate employees.
- All other employees can only access their Self-Service File.
Scenario: You want to create your personal view and restrict access to this view.
In this case, you can set access rules by extending a Settings Key.
All you need is the GUID of the self-created view.
Open the advanced search via the title bar
Search for xRM1 Settings Keys
Open the entry EmployeeFileForms with a double-click.
The Value will be displayed out-of-the-box
This configuration is divided into three sectors:
- EmployeeForms: These views can be accessed by employees
- SupervisorForms: These views can be accessed by supervisors
- Fallback: Employees or supervisors are automatically redirected to these views when they try to open a view that they are not allowed to access.
To extend one of the first two categories, add the GUID of the self-created view in quotation marks and separated by a comma after the existing entry. This could look like this
Now save the Settings Key