I need help with the following scenario...
We have a total of 4 appraisal templates in our system with the following specifications:
1) Template 1 - 3: Manager can display and change his subordinates' appraisals via MSS-role in Manager Desktop
2) Template 4: Manager can ONLY DISPLAY his subordinates' appraisals via MSS role in Manager Desktop
3) Template 4: Employee can display and change their own appraisal via ESS-role in Employee Desktop
Note: Employee can display and change their own Template 1-4
We managed to get everything to work in ESS-role the way it should be, so there is no problem there. The problem only occurs in MSS.
Our desired solution is that, when a manager goes to portal:
a) he should only get Template 1-3 in the drop-down list, of which he is allowed to create in the Manager Desktop
b) Template 1-4 of his subordinates should be displayed for him in Manager Desktop
c) he only gets to create Template 4 of his own via Employee Desktop
The following options are what we've tried, but non of them worked:
i) 02 (Change) and 03 (Display) for Template 1-3 + authorisation profile MANAGER, of which it contains full access to VA (all templates), VB and VC
ii) 03 (Display) for Template 4 + authorisation profile MANAGER as well
iii) 02 and 03 for Template 1-4
With this option, the manager also get Template 4 to appear in the create-template-drop-down list in the Manager Desktop, which is not what we want
--> We created one additional structural profile called MGRAPPRAISAL for Manager with VA access to ONLY Template 4, and replaced that with the original MANAGER profile in section ii) mentioned above. Both structural profiles are available in seperate entries under one single MSS-role in PFCG --> and we got the same result.
--> We modified profile MANAGER so that it only gives VA access to Template 1-3 and assigned it to section i)
--> We assigned MGRAPPRAISAL (Template 4) to section ii)
.. and we still got the same result. But when we remove ESS-role to test, Template 4 doesn't show in the drop-down list. It shows again once both MSS-role and ESS-role are being put together.
Now, my question is, how could this be possible with context-dependent-check? We are using P_ORGINCON, both AUTSW INCON and HAP00 AUTHO are active in T77S0.
If I give the manager the 02 and 03 access to Template 1; 03 to Template 4, and have the ESS-role removed from him, then the manager doesn't get Template 4 in the drop-down list, which it works the way we wanted. But without the ESS-role, it also means that manager is not able to access his own Template 4 in his own Employee Desktop, which he should. In the trace result, the system is obviously asking for the Change value 02 for Template 4 and these are the values we have in our ESS-role. So if we give that, then we will get that Template 4 appeared in the drop-down list in Manager Desktop. Do you understand the conflict here?
Let me know there is a way to solve this.
Sorry for the lengthy and excuse me if I sounded humble.
Appreciate your time and your help.