How to grant access to Edit or Add Employees in IT Shop (4347241)

Chat now with support

Get Live Help
Complete Registration

Sign In

Request Pricing

Contact Sales

Return

Feedback Submitted

Did this article solve an issue for you?

Select Rating

Title

How to grant access to Edit or Add Employees in IT Shop
Description

In the default installation of IT Shop, Managers may edit Employees for which they are responsible. They may also create new Employees.

(Managers are assigned the "Employee Managers" base role when they log in with a role-based authenticator. The associated permissions group, VI_4_ALLMANAGER, has the required permissions on the Person table.)

Non-Managers may not edit or add Employees, nor can they see the "People" menu. The "People" menu and the ability to add or edit Employees is only possible if the web project configuration is modified to allow this, and the appropriate permissions are assigned to the Person table.

Note that in version 7.1.x there is a "People" menu option under "My Responsibilities"; and in version 8.x there is a "People" tile available from Responsibilities | My Responsibilities.

The required steps to allow non-Managers to edit or add Employees are provided below.
Resolution

In Web Designer:

Note: The following steps were performed in version 8.1.2

1. Select Edit | Configure project | Web project...

2. From the Configure project tab, expand "Employees" and enable the "Value (custom)" option for both the "Employees authorized to add and edit employees" and "Employees which can be edited by the current user" options:

Please note:

- If "Employees authorized to add and edit employees" is used, but "Employees which can be edited by the current user" is not, then the logged in Employee will not see a list of users to edit, but will see the "People" tile from Responsibilities | My Responsibilities.

- Therefore, using both options will display a list of Employees from the People tile. Just the first option will simply show the tile.

3. Click the blue plus symbol to activate the SQL expression:

4. Select the "Set SQL Statement" button to update the WHERE clause:

5. Then enter a suitable WHERE clause, in quotes, e.g.:

Employees authorized to add and edit employees:

Example WHERE Clause:

"EXISTS (select 1 from (select uid_person from personinaerole where exists (select 1 from (select UID_AERole from AERole where Ident_AERole = 'IT Specialist') as x where x.UID_AERole=personinaerole.uid_aerole)) as X)"

- Click "Apply"

Employees which can be edited by the current user:

Example WHERE Clause:

"EXISTS (
select 1 from personinaerole
where UID_Person = '%useruid%'
and UID_AERole in (select UID_AERole from AERole where Ident_AERole = 'IT Specialist'))"

- Click "Apply"

6. Save the change and compile the web project.

In the above example, if the logged in Employee is assigned the appropriate Application Role, "IT Specialist", they will see the "People" tile under Responsibilities | My Responsibilities:

Note that the "Add a new employee" button is grayed out at this point if INSERT permission has not been granted to the logged in Employee either directly or indirectly. In the above example, a permissions group with INSERT permissions could be assigned to the "IT Specialist" Application Role, e.g.:

The permissions group in the above example has the Insert permission on the Person table:

Please refer to the Authorization and Authentication Guide for more information regarding Editing Permissions for One Identity Manager Schema Tables and Columns.

Please continue in the Authorization and Authentication Guide for more information regarding How to Edit Application roles.