Authorise data using data filters

For reports and analyses you can apply filter authorisation to their contents. This means that a user can view the reports or analyses, but only if he is authorised to view the contents.

Example: 

The filter authorisation includes a setting that a manager can only view data relating to employees of his own department.

This means that the manager can only view employees of his own department in the Functions employees (incl authorisation) (Profit) report.

Content
Description

In Profit you record the authorisation filters in tables, for example the Employee or Dossier table. Filter authorisation applies to almost all views and to reports and analyses that are based on a data collection of the 'incl. authorisation’ type. This has the advantage that you only have to record the filter authorisation once in the Authorisation tool. This distinction can also be found in the default reports supplied with Profit. For reports with 'incl. authorisation' in the description, filter authorisation applies.

An 'incl. autorisation' data collection always has an opposite: an 'excl. authorisation’ data collection. With the last-mentioned type, Profit does not apply a filter authorisation to the contents of the report or analysis, so the user will be able to see all the data. You can use HR reports 'excl. authorisation' for HR employees, as they need to be able to view all employees. Users from other departments will have limited access, which means you would use the 'incl. authorisation’ data collections.

Extended example

This example refers to the Personeelsadministratie role. The following authorisation has been specified for reports:

  • User have access to HR / Output / HRM report.
  • Within this function, users only have access to a number of specific reports. They do not have access to reports concerning recruitment and selection or absence.
  • In the reports, users only have access to data of employees who are not executive managers. Use a filter authorisation for this: in the filter you specify that a user is allowed to view all employees, except employees on layer 0 of the organisation chart. The executives are on layer 0.

Built-in report filter

Not all the data collections are available in the variation 'Incl. authorisation'. Despite this, you can also ensure that certain data in other data collections is shielded in reports and analyses. To achieve this, you must use a built-in report filter. The user cannot change it (you should of course make the maintenance functions inaccessible via menu authorisation).

This functionality is not part of the authorisation, but of the default functionality for reports and analyses.

Procedure
  • Authorise reports and analyses by contents

    The report or analysis must be based on a data collection 'incl. authorisation'. You must make the right choice when adding a report or analysis, because you cannot change the data collection afterwards.