Who's On?

	Membership:
	Latest: DW
	Past 24 Hours: 0
	Prev. 24 Hours: 1
	Overall: 5246

	People Online:
	Visitors: 97
	Members: 0
	Total: 97

Name	Points
Greg Moeller	4184
David Williams	3349
JonA	3291
Kat V	2984
Woozy	1973
Jimmy Chiu	1883
Kwane McNeal	1437
Ragu Raghavan	1375
Roger French	1315
mark.cook	1244

MSS and ProcessLevelControl

5 Replies

0 Subscribed to this topic

15 Subscribed to this forum

Sort:

Author

Messages

Advanced Member Send Private Message

Posts: 41

3/13/2014 4:01 PM

We have placed a custom rule, then an role in RM for MSS users. This custom rule is checking the PROCESSLEVELCONTROL feature in RM. The goal was when the manager would create a personal action they would only be able to select the departments that are in the specific process level...Works like a charm for fields like Department (only shows the departments that the mgr has access to). The problem is the Expense Account / Sub Account and activity. when we have the rule for Process Level control, we no longer can use the selection to view the account information, it comes back with 'no accounts'. I have tried adding system control restraints, but have not found any combination that will allow me to see only the departments that I should see...and still get the list of accounts. Has anyone fiured this out ? Thanks

MikeD

Basic Member Send Private Message

Posts: 4

4/29/2014 2:38 PM

We have a similar issue at our company. We're implementing a ProcessLevelControl rule as follows: if(user.attributeContains('ProcessLevelControl',lztrim(PROCESS_LEVEL))) 'ALL_ACCESS,' else 'NO_ACCESS,' However, when this rule is used, it prevents users from accessing their information in Employee/Manager Self Service. How can we modify this rule so that employees can view their own information, but not have access to everyone else's information in the HR forms? I've tried a couple things but it hasn't worked. Thanks, Mike

Deleted User

New Member Send Private Message

Posts: 0

4/29/2014 3:12 PM

I'll be anxious to see if anyone else replies with a solution to this, as it is a problem for us with Process Level limited roles where the employee is not themselves in any of the process level to which they are limited for their backoffice working role. I had been told in the past that the Process Level Control is "at the program level" - and that it the RMID has failed that rule, no other security rule will be read. So the "greater access wins" does not work with hte PLControl rule.

Roger French

Veteran Member Send Private Message

Posts: 549

5/1/2014 2:16 PM

Are you using Element Groups in any of your security rules? Also what you are wanting can be done. Something like this: if(user.attributeContains('ProcessLevelControl',lztrim(PROCESS_LEVEL))) || getIdentityAttribute('PROD_EMPLOYEE','Employee',user.getRDId())==table.EMPLOYEE
'ALL_ACCESS,'
else
'NO_ACCESS,' Where PROD_EMPLOYEE is the name of the ESS Service,

MikeD

Basic Member Send Private Message

Posts: 4

5/2/2014 12:18 PM

Yes, we are using Element Groups for the above ProcessLevelControl rule I posted.

Advanced Member Send Private Message

Posts: 41

1/15/2015 5:11 PM

not sure if you have an answer, but we had to add SystemCode=='IF'||

in front to be able to get those accounts.