TIP: SBM: What are the API options available with SBM, and how much do they cost? See KB doc… https://t.co/2SI6ASmWAE
I'm developing a new Process app for our internal org to manage Employee Life Cycles at our organization. Part of the employee life cycle involves the completion of a 30, 60, and & 90 day probationary plan. Our intent is to have the manager of that particular employee upload a signed PDF of those completed probationary plans to the ELCM item. I'm also driving some of the workflow/notifications, and other items off the uploading of these completed files, so I've created a file field to accommodate these attachments.
I've locked down the application such that all managers belong to a "Manager" security role, HR belongs to an "HR" security role, and myself (admin) belongs to an "Administrator" security role. Only these three roles have access to the field field in question (there are other security roles in the process app).
Is there a way to make it such that a manager can not view the attachments uploaded by different managers? I'd be okay if these attachments didn't even show up int he list.
Accepted AnswerEmployeeGarry WomackOffline0Hi Curtis. If you were using traditional file attachments, I think you could restrict access to the attachments better without restricting access to the items to which they are attached. With the file field, it is much like other fields, and you can use field sections and item privileges to restrict. It sounds like you have already applied the field section permissions - so you would likely need to establish a scenario of access for managers based on owner/secondary owner fields. HR and Admins could possibly have enough privileges not to be restricted by ownership.
Assuming "Manager", "HR" and "Administrator" Roles, create 3 dummy transitions:
-- "Manager Role" -- restrict by Role to "Manager" Role
-- "HR Role" -- restrict by Role to "HR" Role
-- "Admin Role" -- restrict by Role to "Administrator" Role
These transitions will never be used .. they're just there to indicate if the User has one of the 3 Roles
On your State form; add a hidden tab or section and put 3 buttons in it. Those 3 buttons get mapped to the 3 dummy transtions:
-- btn_Manager_Role -- Behavior = Perform the "Manager Role" transition
-- btn_HR_Role -- Behavior = Perform the "HR Role" transition
-- btn_Admin_Role -- Behavior = Perform the "Admin Role" transition
Add form Actions:
-- When: Form is Loaded
-- Then: Hide the hidden tab
-- When: Form is loaded
-- If: btn_Manager_Role button is visible
... .etc... repeat for the other 2 buttons
Deploy and assign the "Manager", "HR" and "Administrator" Roles to the appropriate Groups. Anyone with the "Manager" Role will only be allowed to execute the "Manager Role" transition .. the other 2 transition buttons will be hidden. The Form Actions detect this and hide stuff the "Manager" Role isn't allowed to see.
Because the transition buttons are on a hidden tab/section, they can't be clicked.
This would be simplified if there was a "UserHasRole" JS function.