Controlling access to individual cases
Ensure that only the employee, the employee’s manager, and the human resources staff can view an employee’s timesheet.
1. In Dev Studio, create an access control policy with Apply to class equal to Timesheet and Action equal to Read.
   For more information, see Creating an access control policy condition.
2. Next to the Permit access if field, click the Open icon to create a new Access control policy condition instance.
3. Create an access control policy condition named CanViewTimesheet to define who can view the timesheet. Enter the following values:
   a. Policy condition A = Requestor.AccessGroup = HRApp:HRStaff (the user works in human resources)
   b. Policy condition B = Requestor.OperatorID = EmployeeID (the user is looking at the user’s own timesheet)
   c. Policy condition C = Requestor.OperatorID = EmployeeManagerID (the user is the manager of the employee on the timesheet)
   d. Conditional logic = A OR B OR C
   For more information, see Creating an access control policy condition.
4. On the Access control policy instance, in the Permit access if field, enter CanViewTimesheet. Only users who satisfy the condition in step 3d can view the timesheet.

Access control policies apply not only to the application user interface, but to most Pega Platform features. For example, PropertyRead policies also apply to reports, searches, and even to custom SQL that you write.
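
The CanViewTimesheet condition from the steps above, modelled in plain Python as an added example (not Pega code and not part of the original page), so the policy can be checked against a matrix of requestors before it is relied on. The operator names, the HRApp:Employees access group and the timesheet rows are constructed sample data; treating an empty attribute as non-matching is an assumption of this model, not documented platform behavior.

```python
# Added illustration: a plain-Python model of CanViewTimesheet, not Pega code.
# Operator IDs and timesheet rows below are constructed sample data.
import re

# label: (requestor attribute, "literal" or "property", literal value or case property)
CONDITIONS = {
    "A": ("AccessGroup", "literal", "HRApp:HRStaff"),
    "B": ("OperatorID", "property", "EmployeeID"),
    "C": ("OperatorID", "property", "EmployeeManagerID"),
}
LOGIC = "A OR B OR C"

def evaluate(logic, results):
    """Evaluate 'A OR B AND C' style logic; AND binds tighter than OR."""
    def term(name):
        if name not in results:
            raise ValueError(f"unknown condition: {name!r}")
        return results[name]
    # Lists (not generators) so every label is validated even after a match.
    groups = re.split(r"\s+OR\s+", logic.strip())
    return any([all([term(n) for n in re.split(r"\s+AND\s+", g)]) for g in groups])

def can_view(requestor, timesheet):
    """Deny unless the policy condition holds for this requestor and this case."""
    results = {}
    for label, (attr, kind, ref) in CONDITIONS.items():
        expected = ref if kind == "literal" else timesheet.get(ref)
        actual = requestor.get(attr)
        # An empty or missing attribute never matches, so a timesheet with no
        # manager is not exposed to a requestor with no operator ID.
        results[label] = bool(actual) and actual == expected
    return evaluate(LOGIC, results)

TIMESHEETS = [  # constructed sample cases
    {"ID": "T-1", "EmployeeID": "alice", "EmployeeManagerID": "carol"},
    {"ID": "T-2", "EmployeeID": "bob", "EmployeeManagerID": "dave"},
    {"ID": "T-3", "EmployeeID": "erin", "EmployeeManagerID": ""},
]

def visible_ids(requestor):
    """Apply the same check to every row, as a report or search would need to."""
    return [t["ID"] for t in TIMESHEETS if can_view(requestor, t)]
```
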