ToDo List should show only the items in folders to which the operator has rights

over 2 years ago
  • Brief Description

  • Benefits / Value

The value of folders is that you can really segregate the information and limit what an operator can view and edit to those folders for which you give him rights. This is not possible with the current design, since the assignment group has precedence over the folder in the ToDo List. In a banking environment we have the following scenario:

- There is a default standard folder to which most users have rights.

- There is a Security Management folder to which everybody in the Compliance Department has rights, but in order to work with the specialized department, two persons of the specialized department are granted rights to the Security Management folder. The Compliance Department needs to work with the specialized department, as they are the people who have the special knowledge of a certain area, but the type of issues logged in Security Management are very sensitive information, and only the two designated persons should be able to see what was logged.

- With the current design, that means that other people in the same assignment groups as the 2 persons of each specialist department will be able to see the Security Management tickets listed in the ToDo View, and that is not acceptable.

- As a workaround the view can be modified, but users with enough rights can modify such views again. The workarounds tested so far are not good enough and the functionality should work OOB.

- In other views the tickets are not visible to the logged-in operators if they do not have rights to the folder Security Management. For example, in the Incident queues, a user will not get records in the folder Security Management.

Design details

ToDo Views should filter out records that are not in a folder for which the logged-in operator has rights. They should not be listed in any of the ToDo Views, neither in the “My Group's To Do List” nor in the “My To Do List”. SM does not prevent an operator from being assigned a ticket that is placed in a folder for which he has no rights. If this is done, then the operator will also see records from folders to which he has no rights in the “My To Do List”. The operator cannot edit such records, but he can still see them listed.

This should work as it does for module views. For Mandanten this also seems to work, even in the ToDo Views.
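The difference between the current and the requested ToDo filtering, as an added example that is not Service Manager code or part of the original request. The data model, the operator names, the group name and all function names are assumptions made for illustration; `exposures` lists the operator/ticket pairs an administrator would want to audit.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Operator:
    name: str
    groups: frozenset    # assignment groups the operator belongs to
    folders: frozenset   # folders the operator has rights to

@dataclass(frozen=True)
class Ticket:
    number: str
    folder: str
    assignment_group: str
    assignee: str

def todo_current(op, tickets, view):
    """Behaviour described in the request: assignment alone decides listing."""
    if view == "group":   # "My Group's To Do List"
        return [t.number for t in tickets if t.assignment_group in op.groups]
    return [t.number for t in tickets if t.assignee == op.name]  # "My To Do List"

def todo_requested(op, tickets, view):
    """Requested behaviour: folder rights are enforced on top of assignment."""
    allowed = {t.number for t in tickets if t.folder in op.folders}
    return [n for n in todo_current(op, tickets, view) if n in allowed]

def exposures(operators, tickets):
    """(operator, view, ticket) triples listed today without folder rights."""
    found = []
    for op in operators:
        for view in ("group", "mine"):
            ok = set(todo_requested(op, tickets, view))
            found += [(op.name, view, n)
                      for n in todo_current(op, tickets, view) if n not in ok]
    return found

# Constructed sample data modelled on the banking scenario above.
ANNA = Operator("anna", frozenset({"SPECIALIST"}),
                frozenset({"DEFAULT", "SECURITY MANAGEMENT"}))  # designated person
BERT = Operator("bert", frozenset({"SPECIALIST"}), frozenset({"DEFAULT"}))
TICKETS = [
    Ticket("IM1", "DEFAULT", "SPECIALIST", "bert"),
    Ticket("IM2", "SECURITY MANAGEMENT", "SPECIALIST", "anna"),
    Ticket("IM3", "SECURITY MANAGEMENT", "SPECIALIST", "bert"),  # assigned without rights
]

if __name__ == "__main__":
    for row in exposures([ANNA, BERT], TICKETS):
        print(row)
```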