Table of Contents

OFBiz has a security model that controls access to resources at a very fine grained level. This means that it is possible to manage who has access to view information and perform work from the highest level (i.e. Create or deny access to the application itself) down to the lowest level (i.e. View, create, update or delete a single item of information).

This chapter covers the security permissions that come with the HR App and how an administrator can assign permissions to a user login using the Party Manager application.

 

Note

A person may have one or more login id's. Each login id is assigned to it's own set of Security Groups. This means that the id a user logs in with determines what applications the person can work in and what work can be done in the application. For an example of multiple user logins see the party id admin in the demo data.

In OFBiz a Security Group is collection of permissions that allow a members of the group to use the application and it's resources.

The HR App has three special security groups that can be assigned HR App users. There are also other general administrative security groups that let managers and administrators work in the application.

You use the Party Manager application to add users to one or more Security Groups.

 

The three special HR App Security Groups are named by role:

  1. Employee Role - Required to logon into the HR App. This is true even if user has the Approver and Admin Roles, the Employee Role is still needed to get into the HR App. It has the most restrictions on what the user may view and the actions the user may take of all the HR App roles.

  2. Approver Role - The approver role gives members of the group the ability to approve Training. The approver has all of the permissions of the Employee Role and in addition may view and update some of the screens that are not available to the Employee role.

  3. Administrator Role - A person with the Administrator Role has permission to do everything in the HR App. A person with the Administrator Role is allowed full access to view, create, update and delete throughout the HR App.

 

Note

A person with the Administrator Role must also belong to the Work Effort User, My Portal Employee, My Portal Customer or Scrum Team security group to be able to add Training class in the Training feature. This is an exception to the above explanation for Administrator Role.

 

Some users may not have any of the HR App permission but can still access the HR App and perform operations. These include:

  • Business Admin has permission for all operations in the HR App.

  • Flexible Admin has permission for create, update, delete and view operations on the HR App

  • Full Admin has permission for all operations in the HR App.

  • Super has permission for all operations in the HR App

  • Viewadmin has permission for viewing the HR App

 

A user must be granted permissions to use the HR App. This section describes how to do this in Party Manager. It assumes the user has a user login and Party administration privileges.

  1. Login to the Party application.

  2. User Search Option to find the person who is to be given permission to use HR App.

  3. In Search Results click the text in the Party ID column.

  4. In the User Name(s) screenlet click the Security Groups button for the User Login that will receive HR App permissions.

  5. In the Add User Login to Security Group screenlet select the HUMANRES_EMPLOYEE... from the Group drop-down-list. Click the Add button to use the current date for the From Date or enter dates for From Date and Thru Date as needed then click Add.

  6. If the person is to be allowed to approve Training add the HUMANRES_APPROVER permission. As in the previous step enter dates as required.

  7. If the person is to be allowed all access then add the HUMANRES_ADMIN permission... As in the previous steps enter dates as required.

  • No labels