Versions Compared

Version Old Version 11 New Version 12
Changes made by

SriGowri Aspari

SriGowri Aspari

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Like this, you can add as many Security Groups as you would like to any attribute(s).

How

...

do you assign

...

a Security Group to a

...

user?

The Security Group access for a User user is set up in Manage Users/Contacts. As an example, let us create a security group for Location attributea Company.


Image RemovedImage Added



Enter the security group description, select the Attribute ID and save.


Image RemovedImage Added



The new security group shows for Location as given below.


Image RemovedImage Added



Let us assign this newly created security group to a user. Navigate to Manage Users/Contacts and access the user page. 


Image RemovedImage Added



Create a new user/contact or edit an existing user. For more details on adding a new user, please click here.

In this case, the existing user account is edited to change the Row level security for Location.

...

Image Removed

In Row Level security, select On the Invite/Edit User page, configure the Row Level security to the newly created security group for Location attribute and save the changes. This will restrict limit the user to access the candidates' 's access to candidate data specific to that location in consoles.

...

Image Removed

The console data for the above user displays only the rows belonging to that Location security group. Let us check this in the Invitation Console. 

With the user login, navigate to invitation console and click on "Search" button. This displays the invitation data that the user has access to.

Now let us check the location information for any invitation. Select an invitation and click "Info and Actions" link.

...

Image Removed

Check the Information tab for Location. The new Location security group shows in the information.

...

Image Removed

The above restriction on user access is also applicable to Elasticsearch as well as dashboards.

If the user tries to access the candidate data that does not belong to the Location the user has access to, then the system displays an unauthorized error message.

Dashboards example:

Click on the number or segment of the graph in the I-9 Insight chart.

...

Image Removed

The user can see the list of all I-9 IDs of the segment as shown below, but the drill down data can be seen only for the candidates that belong to the locations the user has access to.

...

Image Removed

...

Image Removed

The user cannot access the candidate data that belong to locations not configured for him. When clicked on those I-9 IDs, the user will be redirected to the following unauthorized access page.

...

Image Removed

Elasticsearch:

In Elasticsearch, all the category related search results and their actions oblige row level security.

However, in I-9 Status, I-9 Compliance and I-9 Life Cycle categories, the search results show all the rows but the drill down redirects the user to the unauthorized access page if the candidate does not belong to the locations the user has access to. 

Examples:

...

Image Removed

...

Image Removed

Select any candidate and click on the invitation ID link. The page redirects to error message if the user has no access to the candidate data. 

...

Image Removed

When clicked on related action for the above invitation, the page displays error message.

...

Image Removed

...

company within consoles and dashboards.


Image Added