Dear all,
does any of the standard security roles restrict a user to access only the projects where s|he is assigned as Projekt Manager, Project Controller, Sales Manager or as a assigned Ressource?
Also it i required to see only project transactions from the projects s|he has access granted.
How should be fulfill this requirement?
Dear Andre, dear Sumit,
thank you for your reply and we will now go to estimate effort to find a solution on this way using XDS. If any of you interested to create the solution based on this requirement within the project module please feel free to contact me with PM on Linkedin.
Hi Andreas,
You probably missed the second part of my reply. The XDS framework is really enforcing on the AOS level the security for individual records.
If you want to learn more, you can read my blogs about this topic. I did spent quite some time in writing blogs and creating some examples which can be downloaded for free: XDS Archives - Dynamicspedia
Hi Andreas,
As suggested, the only way to restrict transaction level data is by creating security policies using XDS framework and apply to required roles. Also note that XDS framework introduces some performance overheads so volume of data will be a key in using this
Hy Andre,
that is exactly is customers pain.
We know "My Projects" which prefilters for the current user unchangeable as he is a Sales Manager, Project Manager or Project Controller:
((WorkerResponsible==HCMWorkerLookup::currentWorker())&&(WorkerResponsible!=0))||((WorkerResponsibleSales==HCMWorkerLookup::currentWorker())&&(WorkerResponsibleSales!=0))||((WorkerResponsibleFinancial==HCMWorkerLookup::currentWorker())&&(WorkerResponsibleFinancial!=0))
This works fine for the first step.
But as we go from Manage/Related Information/Pending transaction or Posted transactions there is just a column filter in the grid which filters to the current project.
So user only needs to remove the Project-ID from column filter and can see all transactions of all projects, what is not desired.
Same situation at Manage/Bill/Invoice journals, they just need to activate the show filter pane and remove the Project-Id to get access all project invoices.
How do other Customer handle this?
As it is large company with a lot of different Business Units and departments, what would you suggest as you are very experienced in secutiy designs?
Hi Andreas,
Out of the box, there is a list page for "my" projects. If you don't assign permissions to the menu item for all projects, this would be an initial security layer.
However, you are also asking about the project transactions. In that case, there is nothing out of the box without doing some development. The eXtensible Data Security (XDS) would be suitable to build the record level security you are asking for.
#1
André Arnaud de Cal...
291,904
Super User 2024 Season 2
#2
Martin Dráb
230,605
Most Valuable Professional
#3
nmaenpaa
101,156
Share
Report
All responses (
Answers (
