Using RBAC to organize and manage access to case attachments
Applicants for an open position at TGB must submit a resume as part of the application process. To ensure the security of resumes attached to a candidate case, resumes must only be accessible by recruiters and HR members.
- Create a privilege for the User and Recruiter.
- Apply privileges to respective access roles.
- Create an attachment category to manage resumes.
- Add attachment section in the user interface.
The following table provides the credentials you need to complete the challenge.
|Role|User name|Password|
|---|---|---|
|Senior System Architect|SSA@TGB|rules|
Note: Your practice environment may support the completion of multiple challenges. As a result, the configuration shown in the challenge walkthrough may not match your environment exactly.
1 Create a Privilege for User and Recruiter
1. Log in with user name SSA@TGB.
2. In the header of Dev Studio, click Create > Security > Privilege to create the privilege.
3. In the Label field, enter User.
4. In the Context section, in the Apply to field, enter or select TGB-HRApps-Work-Candidate, and select the highest available unlocked ruleset version.
5. Save the privilege.
6. Repeat steps 2-5 to create a privilege named Recruiter.
2 Apply the privilege to the access role
1. In the navigation pane of Dev Studio, click Records > Security > Access Role Name to open the instances of the Access Role Name.
2. Click on HRApps:User to open the existing User access role.
3. Save a copy of the access role name into the highest available unlocked ruleset version.
4. On the Role tab, click the Add a row icon to add a new access role.
5. In the Add access Role Object window, in the Class field enter or select TGB-HRApps-Work-Candidate.
6. In the Access Controls section, enter 5 in all access controls fields.
Note: Entering 5 in all fields provides full access to the User access role.
7. In the Privileges section, in the Name field enter or select the User privilege, and in the Level field enter 5.
8. Click Save to save and dismiss the Add access Role Object window.
9. Save and check in the Access Role.
10. Repeat steps 2-9 to add Recruiter privilege to the HRApps:Recruiter access role with the access control details as shown in the following image.
3 Create Resume attachment category
1. In the App Explorer, right-click Candidate and select Create > Process > Attachment Category.
2. In the Label field, enter Resume.
3. Click Create and open.
4. On the Security tab, in the Access control list by privilege section, add the User and Recruiter privileges.
5. In the User privilege row, select the Create, Edit, View, Delete own, and Delete any check boxes.
6. In the Recruiter privilege row, select the View check box.
7. On the Availability tab, clear all check boxes and select the File check box.
8. Click Save to save the attachment category.
4 Add attachment button to the user interface
1. In the App Explorer, open the CollectProfessionalDetails_0 section.
2. Save a copy of the section into the highest available unlocked ruleset version.
3. Add a Dynamic layout under the Embedded section.
4. Add the Attach content control into the newly added dynamic layout.
5. Next to Attach content, click the View properties icon to open the cell properties window.
6. In the Cell Properties window, on the General tab, in the Button caption list, select Text.
7. In the Text field, enter Attach Resume.
8. Click Submit to save and dismiss the cell properties window.
9. Save and check in your work.
10. Verify that you have no checked out records.
Confirm your work
1. Log in with user name User@TGB and create a candidate case.
2. Advance the case to the Collect Professional Details step.
3. Click Attach Resume to open the attachment overlay.
4. Select a sample resume file from your desktop.
5. In the Category field, select Resume.
6. Click Attach to attach the resume to the case.
7. Save the candidate case ID to a text file for future reference.
8. Click Submit to complete the Collect Professional Details step.
9. Click Actions > Refresh to display attachments.
10. In the Files & documents section, click the More icon and verify that Download and Delete options are displayed.
11. Advance the case past the Submission stage to route the case to the RecruitingWB work queue in the Conduct phone screen step.
12. Log out from the user portal.
13. Log in with user name Recruiter@TGB.
14. On the dashboard of the user portal, click on the circle in the Case volume gadget to access open cases.
15. Locate the case ID from step 7 and click it to open the case.
16. In the Files & documents section, click the More icon and verify that only the Download option is displayed.
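An added example, not part of the original challenge and not Pega code: a simplified Python model of how the privileges granted in section 2 and the attachment category ACL from section 3 resolve into the menu options checked above. The production-level comparison, the level 5 grant for Recruiter, the View-to-Download mapping, deny-by-default for operators holding neither privilege, and the HRApps:Guest role are assumptions of the model.

```python
# Simplified model of the walkthrough's configuration (an assumption, not Pega's engine).
from dataclasses import dataclass

CANDIDATE = "TGB-HRApps-Work-Candidate"

@dataclass(frozen=True)
class Grant:              # one privilege row on an access role (section 2)
    applies_to: str
    privilege: str
    level: int            # 0 = never; N = granted up to production level N

ROLE_GRANTS = {
    "HRApps:User": [Grant(CANDIDATE, "User", 5)],
    # Level 5 for Recruiter is assumed; the page refers to an image for it.
    "HRApps:Recruiter": [Grant(CANDIDATE, "Recruiter", 5)],
}

# Security tab of the Resume attachment category (section 3).
RESUME_ACL = {
    "User": {"Create", "Edit", "View", "Delete own", "Delete any"},
    "Recruiter": {"View"},
}

def held_privileges(roles, case_class, production_level, grants=ROLE_GRANTS):
    """Privileges the operator's roles grant on case_class at this production level."""
    return {
        g.privilege
        for role in roles
        for g in grants.get(role, [])
        if g.applies_to == case_class and 0 < production_level <= g.level
    }

def attachment_operations(roles, case_class, production_level=5, acl=RESUME_ACL):
    """Union of ACL operations over held privileges; no privilege means no access."""
    ops = set()
    for privilege in held_privileges(roles, case_class, production_level):
        ops |= acl.get(privilege, set())
    return ops

def menu_options(ops, is_owner):
    """Map operations to the More-menu entries checked in 'Confirm your work'."""
    options = ["Download"] if "View" in ops else []
    if "Delete any" in ops or ("Delete own" in ops and is_owner):
        options.append("Delete")
    return options

if __name__ == "__main__":
    for roles in (["HRApps:User"], ["HRApps:Recruiter"], ["HRApps:Guest"]):  # Guest is hypothetical
        print(roles, menu_options(attachment_operations(roles, CANDIDATE), is_owner=False))
```

The third case is the one the confirmation steps do not exercise: an operator whose roles hold neither privilege should see no resume options at all, which is worth testing in the environment with a separate operator.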