Options for Securing Person Records by Manager Hierarchy
The person records that a manager can access depend on how you specify the manager hierarchy in the person security profile. This topic describes the effect of the Person or Assignment Level option, which you set to either Person or Assignment.
The Person or Assignment Level option, regardless of its setting, controls access to person records. You can't enable access to particular assignments.
Consider the following example manager hierarchy.
Harry is a line manager with two assignments. In his primary assignment, he manages Sven's primary assignment. In his assignment 2, Harry manages Jane's primary assignment.
Monica is a line manager with one assignment. She manages Jane's assignment 2 and Amir's primary assignment. In her primary assignment, Jane manages Franco's primary assignment. In her assignment 2, Jane manages Kyle's primary assignment. This figure shows this example manager hierarchy.
Managers other than line managers can access person records secured by manager hierarchy only if their roles have the appropriate access to functions and data. Providing this access is a security configuration task.
Person-Level Manager Hierarchy
When Person or Assignment Level is Person, the security profile includes any person reporting directly or indirectly to any of the manager's assignments.
This table shows the person records that each of the three managers can access in a person-level manager hierarchy.
|
Manager |
Sven |
Jane |
Franco |
Kyle |
Amir |
|---|---|---|---|---|---|
|
Harry |
Yes |
Yes |
Yes |
Yes |
No |
|
Monica |
No |
Yes |
Yes |
Yes |
Yes |
|
Jane |
No |
No |
Yes |
Yes |
No |
The signed-in manager accesses the person records of every person in his or her manager hierarchy, subject to any other criteria in the security profile. For example, Harry can access Kyle's person record, even though Kyle doesn't report to an assignment that Harry's manages.
Assignment-Level Manager Hierarchy
When Person or Assignment Level is Assignment, managers see the person records of people who:
-
Report to them directly from one or more assignments
-
Report to assignments that they manage
This table shows the person records that each of the three managers can access in an assignment-level manager hierarchy.
|
Manager |
Sven |
Jane |
Franco |
Kyle |
Amir |
|---|---|---|---|---|---|
|
Harry |
Yes |
Yes |
Yes |
No |
No |
|
Monica |
No |
Yes |
No |
Yes |
Yes |
|
Jane |
No |
No |
Yes |
Yes |
No |
In this scenario:
-
Harry accesses person records for Sven, Jane, and Franco. He can't access Kyle's record, because Kyle reports to an assignment that Monica manages.
-
Monica accesses person records for Jane, Kyle, and Amir. She can't access Franco's record, because Franco reports to an assignment that Harry manages.
-
Jane accesses person records for Franco and Kyle.
An assignment-level manager hierarchy isn't the same as assignment-level security, which would secure access to individual assignments. You can't secure access to individual assignments.
Access to Terminated Workers
Line managers automatically lose access to terminated workers in their manager hierarchies on the day following the termination date.