Overview:
Previously, when employees were rostered to a location they didn't have access to, they would be unassigned/inaccessible. However, their names would still appear when editing the shift, creating inconsistency in data visibility and potentially compromising data security.
To address this issue and improve our data security practices, we have implemented a new enhancement. The primary objective of this enhancement is to establish consistent behavior and data visibility across the Roster , Time and Employee directory sections. By doing so, we aim to tighten our data security measures and ensure standardised access and visibility for all relevant data.
With this enhancement, when employees are rostered to a location they don't have access to, ONLY their names will be displayed. This change aligns with our commitment to maintaining data consistency and protecting sensitive information along with safeguarding against potential breaches and maintaining the integrity of our data.
How it works?
- If the company is setup as below:
Top location : Red
1st Level-Sibling Locations : Green
2nd Level-Children Locations of Roubler Water : Yellow
- The employees' are assigned the following location access:
Anthony Edwards : Roubler Water
Eaton Employee : Roubler Water Extension
Austin Reaves : Roubler Water Extension II
- Employee's shifts for the week - they are rostered under their respective location access while manager is on Roubler Water location view.
This shows that all employees will visible even without explicit access to the parent location.
- If employees are rostered under a different location they don't have access to, the manager can NOW see their full names instead of inaccessible. Saving an update made in both shifts and timesheets are also possible.
Note: When a new shift is added the employee’s name is not visible in the drop down and when a shift belonging to another employee is edited, the employee’s name from the higher location is not displayed on the drop down.
- The employee names are also visible when Viewing and Editing the shifts of Austin Reaves and Eaton Employee.
- When adding a New shift and Timesheet, the employees with location access under the parent and its sub-locations are all visible and can be selected in the employee dropdown.
- The same employees are displayed in the Employee Directory.
- Employee profile also CANNOT be accessed by URL manipulation.
Not even in Dev tools and Postman.
This enhancement is the fix for the request in Resolving 'unassigned shifts' on rosters after last release.
Comments
0 comments
Please sign in to leave a comment.