/
Configuring Security Domains

Configuring Security Domains

Here is the list of security policies.

Policy

Description

Manage: Survey (surveyapp_yxwrnz)

 

Create and edit Surveys; doesn’t need access to responses

Manage: Survey Responses

Manage: Survey Responses User Defined 1

Manage: Survey Responses User Defined 2

Manage: Survey Responses User Defined 3

Controls data access to the primary business objects with the same name (Survey Responses, etc). These policies control who can access survey response reports. Allows constrained and unconstrained security groups.

The purpose of four policies (and BO’s) is to allow customers to segregate survey responses. For example, one can be used for HR, another can be used for Finance, etc. Once survey responses are stored in a BO, they cannot be deleted. Access can however be controlled either by changing security groups, or by setting filters on the reports (e.g. survey, response date).

Assign a Constrained Security Group for use cases such as allowing managers to see responses only of their direct reports.

Manage: Responses

Controls data access to the secondary business object in a custom report (Responses, Responses User Defined 1, etc).

This is used when a Constrained Security Group is assigned to the primary business object (above row). To make this work, assign an Unconstrained Security Group that has the same (or more) members as the Constrained Security Group.

This is needed to make Constrained security work in Extend apps. Since “Response” objects are not used as primary data sources on reports, assigning a more liberal unconstrained security group will not impact the overall security. Report sharing and data access is controlled by the “Manage: Survey Responses” policies.

Manage: Survey Questions

Manage: Metric 

Manage: Survey Templates

Ignore, not used at the moment

To configure policies follow these steps:

  1. Navigate to App Manager within your tenant by doing a search for 'App Manager' and click ‘Configure'.

  2. Navigate down to Model Components > Security Domains, then click on Create on each of the policies.

  3. For each of the policies you can now add relevant user groups.

  4. Run the Activate Pending Security Policy Changes task to activate your changes.

Here’s an example group configuration:

User Group

Role Description

Domain Security Policies

Survey Admin

Create surveys, configure app

Data Access: No 

Modify

  • Manage: Survey

 

 

Functional Admin

View responses, create custom reports

Data Access: Yes - all survey data within a functional area e.g. a Fin admin can see Fin survey responses but not HCM. User can see responses for all surveys within the functional area.

View:

  • Manage: Survey

Designate one of four “Survey Responses” security policies to this functional area:

  • Manage: Survey Responses 

  • Manage: Survey Responses User Defined 1 

  • Manage: Survey Responses User Defined 2 

  • Manage: Survey Responses User Defined 3 

 

Survey Response Viewer

View survey responses, via custom report

Data Access: Yes - limited to role e.g. manager can see only their team’s responses. Restriction applied via custom report filter - e.g. survey filter or manager filter.

View:

  • Manage: Survey Responses (or one of the other “user defined” policies assigned to the functional area)

Access to survey responses via custom report shared by the functional admin