Security

Question

Hello all,
Hoping you may share some thoughts on this.
For the workflow, we have created security groups :
1. for input users (WF_Preparer) assigned to the Workflow steps in the Workflow execution Group&nbsp;
2. review users (WF_Review) assigned on the Workflow profile&nbsp;in the Workflow execution Group and Certification Sign-off Group.
The preparers and reviewer users are, of course, different.
However, as mistakes can happen, is there any possibility to prevent an Admin to assign the same user in both groups? Can the system issue an error or a message when trying to add a user to one role if it already exists in the other?
Thank you!
&nbsp;
&nbsp;
&nbsp;

Henning · Answer

Hi, generally I would say, this is what testing is for, to root out potential errors in the system such as this. The easiest solution to this may be a dashboard which flags users which are in both groups visually. In such a case, the admin would need to check the dashboard after users have been added. But that may only be worth it if you are talking about a large number of users.
The way to go about it when we are talking about small changes may be to just look at the newly created user and check if the user is in fact only in one of the respective groups.

If this is all not satisfying, one might investigate whether event handlers such as WCF can be used to catch saving changes to users and return an error in case someone tries to save an undesired user group combination.

Forum Discussion

Security

Related Content

Security

Security report

Data Cell Access Security (Slice Security) Not Working With Multiple UD Dimensions

Excluding Groups from Manage System Security Roles

Member List Business Rule in Data Access Security