Roles and permissions
Folks,
I have a permissions question. My use case is as follows:
Organizations have Organizations. The parent organization is a Vendor and the child organization is their customers. Organizations have departments and departments have employees. I want those who are in the HR role to be able to view their Parent organizations (Vendor) and the customer organizations. They should not be able to view other organizations or their customers.
Each person in the HR role is an employee in their respective "Vendor" organization. (Organization table has a type field: Vendor or Customer) The Employee table has an email address as the primary key and a formula user field based on that email address.
Now, I have a formula field "This is Me" to be true when the current user is the User field on that employee record. Then I have a summary field "# of Employees Who is Me", on the "department has employees" relationship that is defined as the count of the rows where "This is Me" is checked. This rolls up to the Organizations table on the Organization has Department relationship as "# of My Departments".
To control the view of the organizations that are the customers of my vendor organization, I have Orgs has Orgs relationship where the reference field is the Vendor Organization. To be able to decide which Customer organizations an employee can view, I have pulled down the "# of my Departments" as a lookup on this relationship so the Organization table how has "Vendor Organization - # of My Departments"
Now, to set the permissions of what organizations an HR role person can view, I have set it up as "# of My Departments" > 0 or "Vendor Organization - # of My Departments" > 0.
The issue is: When I test as one of the Employees of an organization who is in the HR role, I can see my Vendor organization but not its Customers Organizations (which are the child records of the Organizations table)
What am I doing wrong? Or how else can I accomplish this?
------------------------------
Surya V Avantsa
------------------------------
I have a permissions question. My use case is as follows:
Organizations have Organizations. The parent organization is a Vendor and the child organization is their customers. Organizations have departments and departments have employees. I want those who are in the HR role to be able to view their Parent organizations (Vendor) and the customer organizations. They should not be able to view other organizations or their customers.
Each person in the HR role is an employee in their respective "Vendor" organization. (Organization table has a type field: Vendor or Customer) The Employee table has an email address as the primary key and a formula user field based on that email address.
Now, I have a formula field "This is Me" to be true when the current user is the User field on that employee record. Then I have a summary field "# of Employees Who is Me", on the "department has employees" relationship that is defined as the count of the rows where "This is Me" is checked. This rolls up to the Organizations table on the Organization has Department relationship as "# of My Departments".
To control the view of the organizations that are the customers of my vendor organization, I have Orgs has Orgs relationship where the reference field is the Vendor Organization. To be able to decide which Customer organizations an employee can view, I have pulled down the "# of my Departments" as a lookup on this relationship so the Organization table how has "Vendor Organization - # of My Departments"
Now, to set the permissions of what organizations an HR role person can view, I have set it up as "# of My Departments" > 0 or "Vendor Organization - # of My Departments" > 0.
The issue is: When I test as one of the Employees of an organization who is in the HR role, I can see my Vendor organization but not its Customers Organizations (which are the child records of the Organizations table)
What am I doing wrong? Or how else can I accomplish this?
------------------------------
Surya V Avantsa
------------------------------
