Hello Irina,
Most HR applications I've seen store their records in separate tables from non-HR records, partly to make the security scheme simpler. If this is not an option for you, I can think of one solution but it's not a good one at all: add two filters to the Incident form that fire On Get. The first checks for membership in the "HR Incidents" group and stores the result of the check in a display-only field. The second sets the value of all fields to null if the membership check fails. This is very ugly because of 1) the extra load on the system to process all the On Get actions and 2) because a query would still know that a record exists, but would not know the content of the record. Also, the OOB workflows will need a lot of fix-up. FWIW, --Phil ________________________________ From: Action Request System discussion list(ARSList) <arslist@ARSLIST.ORG> on behalf of Irina Solarcuka <irinase...@gmail.com> Sent: Friday, April 21, 2017 5:18 AM To: arslist@ARSLIST.ORG Subject: Re: How to "split" Unrestricted Access ** Hi, The issue is that all support groups members has unrestricted access and I can't remove that. It is a reason why I need "another unrestricted access" that allows to HR people to see only their incidents. At the same time I need to limit an existing Unrestricted Access so that people can see only non-HR incidents. BR, Irina 2017-04-21 11:33 GMT+03:00 Chris Jones <chris.jo...@aramea.co<mailto:chris.jo...@aramea.co>>: ** Hi Irina, Another option for you to consider is using parent groups to control access to multiple companies, etc. https://docs.bmc.com/docs/display/public/ars81/Using+a+parent+group+for+permissions+inheritance Maybe you could create an HR parent group and grant access to that so HR people are granted access to anything within this parent group? Regards, Chris Chris Jones, Director www.aramea.co<http://www.aramea.co/> From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG<mailto:arslist@ARSLIST.ORG>] On Behalf Of Irina Solarcuka Sent: 21 April 2017 05:34 To: arslist@ARSLIST.ORG<mailto:arslist@ARSLIST.ORG> Subject: How to "split" Unrestricted Access ** Hi, I would like to "split" Unrestricted Access in two parts - HR Unrestricted Access and Unrestricted Access for the other incidents. Is it possible? I've created an additional field in CTM:People form called HR Unrestricted Access, an additional Role and group with the same name. I can't use multi-tenancy since we have a mix of customers and support companies. Each support company can support each customer. I can't remove Unrestricted access from all the users that have that because of the same reason.. Any help is appreciated BR, Irina _ARSlist: "Where the Answers Are" and have been for 20 years_ ________________________________ [Avast logo] <https://www.avast.com/antivirus> This email has been checked for viruses by Avast antivirus software. www.avast.com<https://www.avast.com/antivirus> _ARSlist: "Where the Answers Are" and have been for 20 years_ _ARSlist: "Where the Answers Are" and have been for 20 years_ _______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org "Where the Answers Are, and have been for 20 years"