...
The Security Group access for a User is set up in Manage Users/Contacts. As an example, create a security group for Location attribute.
|
Enter the security group description, select the Attribute ID and save.
|
The new security group shows for Location as given below.
|
Let us assign this newly created security group to a user. Navigate to Manage Users/Contacts and access the user page.
|
Create a new user/contact or edit an existing user.
|
In Row Level security, select the newly created security group for Location attribute and save. This will restrict the user to access the candidates' data specific to that location in consoles.
|
The console data for the above user displays the candidates belonging to that Location security group only. Let us check this in the Invitation Console. Click here to view the details of how Security Groups are specified.
Search invitation console and click "Info and Actions" for any invitation.
|
Check the Information tab for Location. The newly set up Location security group shows in the information.
|
The above restriction on user access is also applicable to Elasticsearch as well as dashboards.
If the user tries to access the candidate data that does not belong to the Location the user has access to, then the user will be redirected to the unauthorized access page.
Dashboards example:
Click on the number or segment of the graph in the I-9 Insight chart.
|
The user can see the list of all I-9 IDs of the segment as shown below, but the drill down data can be seen only for the I-9s of the candidates that belong to the locations the user has access to.
|
|
When clicked on the I-9 IDs of the candidates belonging does not belong to the Location the user has access to to other locations, the following unauthorized access error message will be displayed.
|
Elasticsearch:
In Elasticsearch, all the category related search results and their actions oblige row level security except I-9 Status, I-9 Compliance and I-9 Life Cycle.
In I-9 Status, I-9 Compliance and I-9 Life Cycle categories, the search results show all the rows but the drill down redirects the user to the unauthorized page if the candidate does not belong to the locations the user has access to.
Examples:
| Elasticsearch - Invitations |
|---|
|
| Elasticsearch - My Tasks |
|---|
|
Select any candidate and click on the invitation ID link. The page redirects to error message if the user has no access to the candidate data.
| Elasticsearch - I-9 Status |
|---|
|
When clicked on related action for the above invitation, the page displays error message.
|
|
