Project and Portfolio Management Practitioners Forum
cancel
Showing results for 
Search instead for 
Did you mean: 

Variable Security Settings

Highlighted
Ryan Grobler
Regular Collector

Variable Security Settings

Hi All

I have just introduced a new workflow, and to keep it as simple as possible I'd only introduced 1 approval step.

A new Request gets raised by person X; and they select a Business Unit - I want to have a security setting that dictates that Person X can only approve the Request if it for Business Unit 1; If it is for Business Unit 2 then they can't approve it; and Person Y can.

BUT I currently have a setting that says that all users in 'Business Admin' can approve requests, so this means Person X can approve ALL requests.

Is there a way to seperate out the security without creating a workflow step for each business unit?
7 REPLIES
Erik Cole
Honored Contributor

Re: Variable Security Settings

Hi Ryan,

If you're only dealing with a few people you can create a field on the form for the approver and populate it via rule with the correct person based on the BU selected. It can even be hidden. Then in the step security you would use the token for that approver field instead of any groups.
Ryan Grobler
Regular Collector

Re: Variable Security Settings

Hi Eric

Its about 30/40 people - so would it still be possible?
Erik Cole
Honored Contributor

Re: Variable Security Settings

So the approver can be one of 30 or 40 people? If this is the case, then you could have the rule save a security group name instead of a person and just have all the people in groups appropriate to their BU. Make sense?
Ryan Grobler
Regular Collector

Re: Variable Security Settings

Not Really :)

Its a little convoluted - person A,B and C can approve requests for business unit UK; Person M,N and O can approve it for Business Unit Europe

I could default a security group based on the business unit. but then how would i set the security grants in the workflow?

Erik Cole
Honored Contributor

Re: Variable Security Settings

Put A,B,C in security group 'UK Approvers', and M,N,O in group 'EU Approvers'.

RT rule sets the Approver field's value to either 'UK Approvers' or 'EU Approvers' based on BU selection.

Set workflow step security to User Defined Token, of type Security Group Name, and use the token of your Approver field.
Erik Cole
Honored Contributor

Re: Variable Security Settings

Depending on the request header you're using, you can probably just use the pre-existing 'Assigned Group:' field (token is [REQ.ASSIGNED_TO_GROUP_NAME]) for this.
Ryan Grobler
Regular Collector

Re: Variable Security Settings

That makes sense, will give it a go in Test!

Thanks so much!!
//Add this to "OnDomLoad" event