控制代理访问权限 [英] Controlling Delegate Access
问题描述
我们希望将我们的行政时间纳入我们的人力资源系统,以维持休假/病假余额(避免人们必须登录两个系统)。在这样做时,我们需要在Project Server中扩展我们对病态和假期类别的使用,并且出于合法的
原因,需要关注哪些用户可以访问其他用户的时间表数据。基于此,我们一直试图找到一种方法来控制委托访问,这种方式只允许管理者作为报告
的人员的代表。通过一个类别,我们能够限制他们可以成为代表的人,但是无法控制他们可以成为代表的人。
We would like to feed our Administrative hours into our HR system for maintaining vacation/sick balances (avoids people having to log in two systems). In doing this, we need to expand our use of sick and vacation categories in Project Server and, for legal reasons, will need to be concerned with which users have access to other users' timesheet data. Based on this, we have been trying to find a way to control delegation access in a way that will only allow managers to act as delegates for the people that report up to them. Through a category, we have been able to limit who they can be a delegate for, but have not been able to control who they can set to be the delegate.
有没有人有任何经验有了这个,或者知道是否有办法进一步锁定它?
Has anyone had any experience with this, or know if there is a way to lock this down further?
谢谢!
Julie
推荐答案
Julie,
Julie,
这是一个有趣的问题。好吧,"可以成为代表"的人员名单由全球许可"可以代表"控制。实现此目的的一种方法是为需要成为委托的所有安全组取消此权限,
为可以成为委托的经理创建一个特殊组。你会错过的是你应该只能将自己设置为团队代表的情况。
This is an interesting question..Well, the list of people who 'can be a delegate', is controlled by the Global Permission "Can be Delegate". One way to do this would be to take way this permission for all security groups that do need to be delegates, create a special group for managers who can be delegates. The thing you will miss is that scenario where you should be able to only set up youself as a delegate for your team.
另一种想法:为什么你不能禁用所有的"管理代表选项"功能,创建一个单独的安全组与所有可以作为代表的经理,只需给他们"可以代表"和"可以代表"权限,然后管理员
可以为所有经理创建委托。考虑到数据的敏感性,您可以建立一个流程,如果他们想要作为其他人的代表,那么有人必须提交正式请求。可能是..?
An alternative thought: Why can't you disable all the "Manage Delegate options" features, create a separate security group with all the managers who can be delegates, just give them the "Can be Delegates" permission, and then an admin can create the delegates for all managers. Considering the sensitivity of the data, you could put a process in place, where somebody has to put in an official request, if they want to act as a delegate to someone else. May be..?
这篇关于控制代理访问权限的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
