I'm developing a new Process app for our internal org to manage Employee Life Cycles at our organization. Part of the employee life cycle involves the completion of a 30, 60, and 90 day probationary plan. Our intent is to have the manager of that particular employee upload a signed PDF of those completed probationary plans to the ELCM item. I'm also driving some of the workflow/notifications, and other items off the uploading of these completed files, so I've created a file field to accommodate these attachments.
I've locked down the application such that all managers belong to a "Manager" security role, HR belongs to an "HR" security role, and myself (admin) belongs to an "Administrator" security role. Only these three roles have access to the file field in question (there are other security roles in the process app).
Is there a way to make it such that a manager cannot view the attachments uploaded by different managers? I'd be okay if these attachments didn't even show up in the list.
Accepted Answer: Garry Womack (Employee)
Hi Curtis. If you were using traditional file attachments, I think you could restrict access to the attachments better without restricting access to the items to which they are attached. With the file field, it is much like other fields, and you can use field sections and item privileges to restrict. It sounds like you have already applied the field section permissions - so you would likely need to establish a scenario of access for managers based on owner/secondary owner fields. HR and Admins could possibly have enough privileges not to be restricted by ownership.
Assuming "Manager", "HR" and "Administrator" Roles, create 3 dummy transitions:
-- "Manager Role" -- restrict by Role to "Manager" Role
-- "HR Role" -- restrict by Role to "HR" Role
-- "Admin Role" -- restrict by Role to "Administrator" Role
These transitions will never be used .. they're just there to indicate if the User has one of the 3 Roles
On your State form, add a hidden tab or section and put 3 buttons in it. Those 3 buttons get mapped to the 3 dummy transitions:
-- btn_Manager_Role -- Behavior = Perform the "Manager Role" transition
-- btn_HR_Role -- Behavior = Perform the "HR Role" transition
-- btn_Admin_Role -- Behavior = Perform the "Admin Role" transition
Add form Actions:
-- When: Form is Loaded
-- Then: Hide the hidden tab
-- When: Form is loaded
-- If: btn_Manager_Role button is visible
... .etc... repeat for the other 2 buttons
Deploy and assign the "Manager", "HR" and "Administrator" Roles to the appropriate Groups. Anyone with the "Manager" Role will only be allowed to execute the "Manager Role" transition .. the other 2 transition buttons will be hidden. The Form Actions detect this and hide stuff the "Manager" Role isn't allowed to see.
Because the transition buttons are on a hidden tab/section, they can't be clicked.
This would be simplified if there was a "UserHasRole" JS function.
Accepted Answer: Mark Quah
My requirement is slightly different. User wants to specify who can view the document.
A separate workflow for storage of sensitive documents is created. User will post a new sensitive document record from the main record. He can have full control of who can view the documents by selection of the owner/secondary fields. He then adds the attachment into the sensitive document record.
Use an embedded report to display the documents in the main records.
The sensitive document record is now used for storing all sorts of financial records from many workflows.