When logging in as the line manager user were you sending the request from the self service portal or the analyst interface?
Not sure if it is this, but you actually have "Edit" permissions for "Any", and that includes "Line Manager", I would try to remove the "Any - Any" line and see what happens (Make sure to give the "Offering Permission" to someone else!!!).
Hope this helps.
D'oh! Re-reading your message, you actually said it , sorry!
Said that, I have nothing else useful to say.. more sorry!
Possibly delving into more complex concepts here - I was looking at the ServiceReqTemplateEntityAccess relationships and started looking into 'Contract Memberships' a bit further.
I found this thread which is helpful in describing the concepts.
The Access object is connected to OrganizationalUnit via Frs_CompositeContract_EntityAssocServiceReqTemplateEntityAccess (0...N:0...1), it is also connected directly to the OrganizationalUnit BO but looking at the database, this doesn't appear to be used.
Now, I attempted to setup the COE on the Self Service Access in a similar fashion to OrgUnit however I think my understanding of this feature is off. In the initial screen shot, the Any/Any uses OrgUnit B, the other 3 use OrgUnit A. So 3 records use the same Org Unit, if I try to add another access item with one of the above COE Groups, I get the following message:
Presumably, it expects the COELink_RecId field to be unique, but why does this not display for duplicate EntityLink_RecId (OrgUnit) entries?
Would I have to setup another Entity type if I want this behaviour for COE?
I mentioned I think my understanding of the access items is off - consider the below:
For this scenario, I want it to check for a matching access item based on the Employee details. So Finance Standard Users can Submit & Edit; IT Standard Users have Full Access; any other OrgUnits do not have access. I'm not convinced this is how it is setup. It seems to be that I would end up filtering on Org Unit OR COE Group, but not both.
Apologies in advance, my ramblings might not make much sense to most!
Any advice would be much appreciated.
The error message indicates an issue with the index on the Access Object. If I take a look at the indexes on ServiceReqTemplateEntityAccess, there is a COELink index which is forced i.e. I cannot delete this as it automatically creates a new one, presumably this is due to the relationship but there is not an index for Organizational Unit (Frs_CompositeContract_Entity).
I imagine this is indexing the values on the Access table which is why I am receiving an error message; although COELink_RecId is a unique value, it will not be in the context of the access table due to the N:1 cardinality.
Clearly I am missing something; why is an index forced for COE but not Entity?
When I set mine up for department I based mine on the Location configuration so the relationship uses the FusionLink table and zero to many
I have tested the permissions and appears to work correctly with this relationship configuration:
When Edit is ticked my user can edit, when unticked the edit button is removed.
Apologies there was a rather large delay on this :S
It looks like the filter properties do not 'AND' if that makes sense. So for an offering like below:
My employee record:
Yet, I can edit the request:
If I change the COE group, it works fine - even if the OUs do not match.
So it seems to be filtering based on the COE property only, any ideas why this is the case? Would I need to create another field to filter on both OU and COE and set it depending on those values?
Looks like it does combine access, just not in the way I thought it did:
Setting up my Employee record as follows:
With the below access:
Results in me being able to edit and cancel the request.
Removing edit from the IT/Any/Any access removes edit as an option, as expected (ruling out that it is using the top director access). Switching the Edit and Cancel permissions (2nd & 3rd entries) results in me still being able to edit and cancel, so it would appear that this does combine the permissions.