Has anyone done any company level security in GHR, similar to what exists in S3 with company and process level controls?
We have 3 companies in our organization, loosely: real employees, contract employees and non-employees. The non-employee company has lots of different kinds of people in it and I need to have about 5 different outside groups be able to hire/term/etc - basically be mini-HR for those non-employees. GHR ignores S3 company and process level controls. And, so far, if I give a regular employee access to HR level functions, even if I set their context the non-employee company and take away their ability to change that, GHR helpfully opens the resource page to the employee company and lets them do whatever they want. Oh, and using the change company action (custom way to change user context in HTML 5) they can still do that too. Of course I could do this with a URL - but we have plenty of folks smart enough to replace one company ID with another and see what happens, so really a non-starter. And of course, they all need access to the employee company as themselves, to their own records.
Restricting actions is probably going to be easy enough, conditionally, it's the viewing... I can't have these folks surfing employee and contract employee records in the other companies.
We are on premise and I am building in GHR 11.0.25 on LMK environment 11.0.29.2.
Before I recreated the wheel on security in GHR, I hoped to see if this group had any suggestions!
Thanks,
Alison
