Kuali Access Security and Opening edocs

[Virone, Michael]

Greetings Kuali Community,

 

 

After going live with Kuali 4.1.1 with stand-alone Rice 1.0.3 on July 1, 2012 here at UConn, we have been experiencing problems with access security. I implemented access security to utilize the descending organizational hierarchy attribute. I created models and assigned the principles to the models to limit their view only to their org and all orgs that are below it in the descending hierarchy.

 

The problem I am having is that access security is preventing principles from re-opening edocs after approval, and opening edocs in general. This is because the edoc contains an account that is not within their org. This has become a big problem and it is inefficient for business.

 

I would like to know how I can make access security allow people to view edocs that have their accounts on them and also have accounts outside their org. Right now it doesn't matter that the edoc has an account within their org on it, access security is preventing access to the entire edoc because of the account on the edoc that is outside their org. I still want to prevent people from opening edocs that have no association with their org.

 

Has anyone experienced this problem? If so how can I resolve this problem? I have tried several different things with no success. Any ideas or suggestions would be greatly appreciated.

 

 

Thank you,

 

 

Michael C. Virone
Financial System Administrator

Office of the Controller

University of Connecticut
(860) 486-2412

 

[Nicole Rawleigh]

Good Morning Michael,

 

Can you try adding role 59 KR-WKFLW Approve Request Recipient to a view all ORG model?

 

This should allow anyone that receives an action request to view the edocs they approved without opening up all edocs to viewing.

 

Nicole

 

Nicole Rawleigh

Security and Workflow Analyst

CIT Applications

607-254-8820

--
 
 

[Virone, Michael]

Forgot to reply all.  Any other thoughts?

 

Michael

 

From: Virone, Michael
Sent: Tuesday, September 18, 2012 10:10 AM
To: 'Nicole Rawleigh'
Subject: RE: Kuali Access Security and Opening edocs

 

Hi Nicole,

 

That didn’t work. I then tried adding other roles to the view all ORG model. The only one that worked was the document opener but that one allowed for opening all edocs. I feel like I have done something wrong in the configuration access security. Can your users view edocs even though they have accounts on them outside their org just as long as they one account that within their org?

 

Thank you, any help is greatly appreciated.

 

 

Michael C. Virone
Financial System Administrator

Office of the Controller

University of Connecticut
(860) 486-2412

 

[Sopia Alfred]

Hi Michael,

I am currently facing same issue.

Would you kindly share the work around if you had found one.

I'll appreciate a lot 

Regards,

Alfred

[Kymber Taylor]

Hi -  Obvious question - is the override deny box checked on the security models? 

At Stevens, we have a top level org Deny Model that prevents all users from accessing docs, then models are set up for each org (descend hierarchy) and those models have the override deny box checked. 

There are also a couple of parameters that allow the users associated with an account to always open docs that use their accounts. 

ALLOW_ACCOUNT_MGR_LINE_ACCESS_IND
ALWAYS_ALWAYS_ALLOW_SUPERVISOR_LINE_ACCESS_IND (and one for Fiscal Officer)

ALWAYS_ALLOW_FISCAL_OFFICER_LINE_ACCESS_IND

If none of these help with the problem, it might be helpful to get some screenshots of a couple models and the associated definition and docs that can't be opened. 

I should also note that we have fixed quite a few bugs with access security and KIM - so you might check the roles that are created in KIM to make sure they are set up correctly - you can send screenshots of those as well. 

Thanks, Kymber

--
To unsubscribe from this group and stop receiving emails from it, send an email to kfs.user.fun...@kuali.org.

--

Kymber Taylor  Financials Product Analyst financial...@kuali.co kuali.co Best place to work 2016