You’ve created a report with Advanced Reporting based on Time Account objects and used the Person Context functionality to shows only the data of the direct reports of the logged in Manager.
When the Managers run the report and change the 'Select values to filter' selection they can view Time Account data for employees which are not part of their team. e.g. not direct reports.
The report restrictions correctly applies if the default People Context selection is used by just selecting done on the pop up screen.
Reproducing the Issue
- Analytics – Analytics then Advanced Reporting
- Create a new report/query based on Time Account & Global information objects
- For this example, the current logged in Manager (Carla Grant) can select the Manager Carl Hughes from the list or his direct reports.
- Carla Grant is also able to view the data for Benjamin Kelly even if she is not her Manager.
In this example the Manager's report data was not restricted as per the portlet (Employee Files - Time OFF) because the Time Account Objects were not configured with the correct RBP permissions and security settings.
In order for the Advanced Report to restrict the data on role Based Permission (RBP) the following configuration is recommended:
- From the Admin Center search for Configure Object Definitions and select Object Definitions then Time Account from the drop down
- Make sure the userId field is mandatory by clicking on userId Details and selecting Required = Yes from the list as below.
- Secured: Yes
- Permission Category: Misc. Permissions
- RBP Subject User Field: userId
NOTE: The changes to the Metadata Framework (MDF) Objects may not apply to Advanced Reporting until an MDF objects refresh is performed. You can request it to the Analytics Support Team.
KBA , mdf , time account , person context , rbp permission , advanced reporting , LOD-SF-ANA-ORD , Online Report Designer , Problem