
Controlling access to individual cases

Ensure that only the employee, the employee’s manager, and the human resources staff can view an employee’s timesheet.

Assume that these steps have already been done:

  1. A case type named Timesheet is created.
  2. In the Timesheet class, the EmployeeID property identifies the employee and the EmployeeManagerID property identifies the employee’s manager.

Complete these steps to ensure that only the employee, the employee’s manager, and human resources staff can view the employee’s timesheet.

  1. In Dev Studio, create an access control policy for an Apply to class equal to Timesheet and Action equal to Read.

    For more information, see Creating an access control policy condition.

  2. Next to the Permit access if field, click the Open icon to create a new Access control policy condition instance.

  3. Create an access control policy condition named CanViewTimesheet to define who can view the timesheet. For more information, see Creating an access control policy condition. Enter the following values:

    1. Policy condition A = Requestor.AccessGroup = HRApp:HRStaff (the user works in human resources)

    2. Policy condition B = Requestor.OperatorID = EmployeeID (the user is looking at the user’s own timesheet)

    3. Policy condition C = Requestor.OperatorID = EmployeeManagerID (the user is the manager of the employee on the timesheet)

    4. Conditional logic = A OR B OR C

  4. On the Access control policy instance, in the Permit access if field, enter CanViewTimesheet. Only users who satisfy the condition in step 3d can view the timesheet.

    Access control policies apply not only to the application user interface, but to most Pega Platform features. For example, PropertyRead policies also apply to reports, searches, and even to custom SQL that you write.
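
    The access matrix that this policy should produce can be written down before testing the configured rule with real operators. The following Python model is an added example, not Pega code and not part of the original page. The operator IDs, case IDs, and the HRApp:Users access group are constructed, and the rule that a blank operator ID never matches is an assumption of this model, not documented Pega behavior.

```python
from dataclasses import dataclass

HR_ACCESS_GROUP = "HRApp:HRStaff"  # access group from policy condition A

@dataclass(frozen=True)
class Requestor:
    operator_id: str
    access_group: str

@dataclass(frozen=True)
class Timesheet:
    case_id: str
    employee_id: str
    employee_manager_id: str

def can_view_timesheet(req: Requestor, ts: Timesheet) -> bool:
    """Model of CanViewTimesheet: permit if A OR B OR C, otherwise deny."""
    a = req.access_group == HR_ACCESS_GROUP                   # A: HR staff
    # Assumption of this model: a blank operator ID never matches, so a
    # timesheet with an empty manager field is not exposed by an empty ID.
    has_id = bool(req.operator_id)
    b = has_id and req.operator_id == ts.employee_id          # B: own timesheet
    c = has_id and req.operator_id == ts.employee_manager_id  # C: manager
    return a or b or c

def visible_cases(req, timesheets):
    """Case IDs that a report or search run by req should return."""
    return [ts.case_id for ts in timesheets if can_view_timesheet(req, ts)]

# Constructed sample data: IDs and the HRApp:Users group are hypothetical.
TIMESHEETS = [
    Timesheet("T-1", "alice", "bob"),
    Timesheet("T-2", "dave", "bob"),
    Timesheet("T-3", "bob", "erin"),
    Timesheet("T-4", "frank", ""),   # manager field left empty
]
REQUESTORS = {
    "alice": Requestor("alice", "HRApp:Users"),
    "bob": Requestor("bob", "HRApp:Users"),
    "carol": Requestor("carol", HR_ACCESS_GROUP),
    "dave": Requestor("dave", "HRApp:Users"),
    "blank": Requestor("", "HRApp:Users"),
}

if __name__ == "__main__":
    for name, req in REQUESTORS.items():
        print(f"{name:6} -> {visible_cases(req, TIMESHEETS)}")
```

    Each row of the printed matrix is a test case to repeat in the application: log in as that kind of operator and confirm that the case view, reports, and searches return exactly the listed timesheets.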
