
"Own" permissions for "Assigned User" and "Followers"


  • "Own" permissions for "Assigned User" and "Followers"

    I have a scenario that I wonder if there is a design issue for...

    The Entity is called "Employee"

    The standard (All Users) Role permissions setup for this Entity are:

    * Access = enabled
    * Create = no
    * Read = own
    * Update = no
    * Delete = no
    * Stream = own

    The point being transparency in Employees having access to see their own records, which they are entitled to under GDPR anyway.

    Now, the record was **created** by another person (HR Manager), but we want each Employee to be able to see and check their own record in self-service and confirm its accuracy.

    My thinking was that the correct way to do this would be to set the specific Employee as the "Assigned User" or added as a "Follower", and that would then define it as "own" - but it seems that isn't the way it works.

    Perhaps I'm missing something?

    Perhaps "Assigned User" should also be considered as "own" for permissions management?

    Perhaps "Followers" should be considered as "own" for permissions management too?

  • #2
    > Perhaps "Followers" should be considered as "own" for permissions management too?


    It's not possible to make such changes at this moment. It would be a disaster if we implemented this in a new version.


    • marcusquinn
      marcusquinn commented
      I understand regarding Followers, because that might give unexpected permissions to existing users and records where a User's email on a record seems to also add them as a Follower, and people might not have anticipated that. Although, it is a bizarre scenario where someone can be a Follower of a Record but without any CRUDS permissions they wouldn't see anything.

      Perhaps Assigned User should be classified as included in "own" though, because that's an intentional value, that I doubt anyone would have set to Users that don't have any CRUDS permissions, and if they had, they ought to expect that Assignment would yield at least Read permissions for all but specifically excluded fields.

  • #3
    After further testing, it seems that "Assigned User" does make a record visible as "own", and "Follower" is added and removed based on that "Assigned User" value.

    So, this is solved for your needs without any custom development, just understanding the permissions, in that "own" also includes the "Assigned User"