...
Security Groups are used to define access for Administrative and Business Users. The User can Users can only access attributes that are included in Security Groups for candidate data within consoles and dashboards that belong to the attributes specified in the Security Group for which they have been set up. For more details, follow the sections discussed below.
What is a Security Group?
A Security Group is a list of specific HR attribute values that can be accessed by a Useruser.
Who can access
...
Security Groups?
The Users with System Administrator is the only user who role can access Manage Security Groups.
How do you access
...
Security Groups?
Click the Menu Icon. Under Security, Clickthe menu icon on the left and select "Manage Security Groups" from the navigation menu.
 |
How do you select the attribute values that are available to Users users in a Security Group?
Select an attribute for which you would like to create a Security Group.
Manage Security Groups |
|---|
|
Click "Add" to add an entry for a new Security Group.
Manage Security Groups |
|---|
|
Enter a Description description for the Security Group. Click To select the attribute, click the lookup icon for "Attribute ID".
Define Security Group |
|---|
|
Select an Attribute an attribute value to be included in the Security Group.
Look Up Attribute ID |
|---|
|
Click the "Add" icon to add another Attribute attribute value for the Security Group.
...
Repeat the lookup process, selecting a different Attribute attribute value. After After adding all the values have been added, click "Save".
Define Security Group |
|---|
|
The newnewly created Security Group now shows for the AttributeCompany attribute.
Manage Security Groups |
|---|
|
You can add the same Security Group to other Attributes, if desired. You Similar to this, you can add as many Security Groups as you would like to need for any attribute(s).
How
...
do you assign
...
a Security Group to a
...
user?
The Security Group access for a User user is set up in Manage Users/Contacts. As an example, let us create a security group for Location new Security Group for the Company attribute.
|
Enter the security group Security Group description, select the Attribute ID and save.
|
The new security group Security Group shows for Location the Company as given below.
|
Let us assign this newly created security group Security Group to a user. Navigate to Manage Users/Contacts and access the user page.
|
Create a new user/contact or edit an existing user.
...
In For more details on adding a new user, please click here.
On the Invite/Edit User page, configure the Row Level security , select to the newly created security group for Location attribute Security Group and save the changes. This will restrict limit the user to access the candidates' 's access to candidate data specific to that location in consoles.
...
The console data for the above user displays only the rows belonging to that Location security group. Let us check this in the Invitation Console.
With the user login, navigate to invitation console and click on "Search" button. This displays the invitation data that the user has access to.
Now let us check the location information for any invitation. Select an invitation and click "Info and Actions" link.
...
Check the Information tab for Location. The new Location security group shows in the information.
...
The above restriction on user access is also applicable to Elasticsearch as well as dashboards.
If the user tries to access the candidate data that does not belong to the Location the user has access to, then the system displays an unauthorized error message.
Dashboards example:
Click on the number or segment of the graph in the I-9 Insight chart.
...
The user can see the list of all I-9 IDs of the segment as shown below, but the drill down data can be seen only for the candidates that belong to the locations the user has access to.
...
...
The user cannot access the candidate data that belong to locations not configured for him. When clicked on those I-9 IDs, the user will be redirected to the following unauthorized access page.
...
Elasticsearch:
In Elasticsearch, all the category related search results and their actions oblige row level security.
However, in I-9 Status, I-9 Compliance and I-9 Life Cycle categories, the search results show all the rows but the drill down redirects the user to the unauthorized access page if the candidate does not belong to the locations the user has access to.
Examples:
...
...
Select any candidate and click on the invitation ID link. The page redirects to error message if the user has no access to the candidate data.
...
When clicked on related action for the above invitation, the page displays error message.
...
...
company within consoles and dashboards.
|
