Secure Person Records by Area of Responsibility

Usually, you secure access to person records by either manager hierarchy or area of responsibility. This topic describes how to use area of responsibility.

Note: If you're going to use area of responsibility, then the employees who need to access person records must have areas of responsibility defined. Let's say that your human resource specialists manage person records for a country. They must have an area of responsibility, such as human resources representative, for that country.

Create the Person Security Profile

1. Select Navigator > My Client Groups > Workforce Structures.

2. On the Tasks panel tab of the Workforce Structures work area, select Manage Person Security Profile.

3. On the Manage Person Security Profiles page, click Create.

4. In the Basic Details section of the Create Person Security Profile page, give the security profile a name.

5. In the Area of Responsibility section, select Secure by area of responsibility.

6. Select a Responsibility Type value. For example, select Benefits representative or Union representative.

7. Select a Scope of Responsibility value.

   You can select a single value, such as Department or Job. Or, you can select a combined value, such as Business unit and job or Legal employer and location.

   Note: The Country scope of responsibility means the country of the legal employer, not the country where the employee assignment is based.

8. Update the worker type selections as needed. For example, to give access to just employee records, deselect all values except Employees.

9. So far, in the Area of Responsibility section you have identified some person records. To exclude some of those records from the security profile, select Apply exclusion rules in the Exclusion Rules section.

10. Click the Add Row icon.

11. Select an exclusion rule.

    Tip: Make sure that the rule is enabled. It has no effect if it's disabled.

    You can add up to three exclusion rules.

12. Click Next.

Preview the Person Security Profile

On the Create Person Security Profile: Preview page, you can test your security profile before you save it.

1. On the Person Access Preview tab, select a user with the area of responsibility that you included in the security profile. When you click Preview:

   • The User Summary section of the page shows how many person records this user could access.

   • The Assigned Areas of Responsibility section of the tab lists the user's areas of responsibility.

   Note: The results from the Person Access Preview are based on this person security profile only. Users could have other roles that provide access to other person records.

2. In the Search Person section of the tab, you can search for specific person records to see whether the user could access them. The search is of the person records that were identified when you clicked Preview for the user. For example, if the preview identified 50 person records, then those 50 person records are searched.

3. To view the SQL predicate that the security profile generates, click the SQL Predicate for Person Access tab.

4. Click Save and Close when you're done.