I would like to implement object authorization rules on my employee object. However the complication arises from the fact employees are grouped in payroll groups such as Confidential payroll, Middle Management payroll and Unionized payroll and the employee group property determines which payroll group they belong to. For example employees with the group value of “EXCO” (Executive Committee) belong to the confidential payroll, whilst employees with group property values of SMG1 (Senior Manager Group Level 1), SMG2 (Senior Manager Group Level 2) and SMG3 (Senior Manager Group Level 3) below to the middle management payroll etc, Employees in the confidential payroll can only be viewed and updated by the users in the Human Resources Director and Finance Director roles. Employees in middle management payroll and unionized payroll can be updated and viewed by users in the Human Resources Director, Finance Director, Human Resources Manager and Accountant roles. My understanding of the object authorization rules is that they apply at object type level and not at instance level. How do I go about implementing object authorization rules for the employee object?
↧
