Currently we are building our first PeopleSoft workcenter for a third party recruiting system. We elected to utilize PeopleSoft for building and approving the requisition, since PeopleSoft houses all the characteristics of the new requisition in the Position Data record and AWE gives us the ability to quickly implement complex workflows, with minimal effort! Within the workcenter design is where I came across a design issue that I had never encountered in my PeopleSoft career. What I had done for the Manager's is build them a workcenter where all the Positions that report directly or indirectly to them are stored in a jQuery Tree. I covered this in my first ever blog posting last year.
This is what the WorkCenter Page looks like:
This design allows the manager to Drill down to any positions within their organization and begin the recruiting process for that position. Once they select a Position that they want to recruit for the requisition is populated from the Position Data record and the manager is one click away from staring the requisitions approval process.
After the Requisition is selected by manager.
This is where we need to add some row level security, to the Requisition Component. Since one of the requirements is that any manager can delegate to any employee, all employee's must have access to the Component and savvy Peoplesoft User's know that if you populate the URL with a querystring that includes the Key, the component will bypass search processing and allow the user access to the requisition that they might not otherwise be authorized to see. So I began researching on how to prevent the component from using this querystring. That is when I found this option on the Component Properties.
After I clicked this option, I could always intercept the request in SearchInit PeopleCode and populate the search keys from the Cache Record Populated when the Manager selects the position in the workcenter page. Below is the SearchInit PeopleCode:
Global string &GLB_POSN_NBR, &GLB_BR_GUID;
Local Record &ZZ_CACHE;
If %Component = Component.ZZ_REQUISITIONS Then
/*Hide emplid and name so user can not search*/
&GLB_BR_GUID = %Request.GetParameter("GUID");
Hide(ZZ_REQUISITIONS.ZZ_JOB_OPENING_ID);
If None(&GLB_BR_GUID) Then
ZZ_REQUISITIONS.MANAGER_ID = %EmployeeId;
Else
&ZZ_CACHE = CreateRecord(Record.ZZ_BR_CACHE);
&ZZ_CACHE.GUID.Value = &GLB_BR_GUID;
&ZZ_CACHE.SelectByKey();
&GLB_POSN_NBR = &ZZ_CACHE.POSITION_NBR.Value;
ZZ_REQUISITIONS.ZZ_JOB_OPENING_ID.Value = &ZZ_CACHE.ZZ_JOB_OPENING_ID.Value;
End-If;
/* skip search page */
SetSearchDialogBehavior(0);
End-If;
Very cool that Oracle allows you to force Search Processing at the Component Level!
No comments:
Post a Comment