Improvement #29742
Updated by Aysha Fida 5 months ago
*Epic:* Admin Permissions & Employee Access Management *USER STORY* For user with authority- a person who has the permissions, I want to define user access permissions (branch, region, region unit, department) with multi-selection capability So that roles and employees can have flexible and accurate access control across multiple organizational units. *DESCRIPTION (DETAILED)* *PART 1:* New Permission Tab in Admin Settings Add a new tab under Admin Settings → Permission Category. Suggested Tab Name: “User Access Control” . Inside this tab: Add selection fields for assigning permissions: # Access Multi Branch – all/own branch # Acess Multi Region # Acess Multi – all/own region Region Unit # Acess MultiDepartment – all/own region unit. Department – all/own branch. Admin can assign which branches/regions/region units/departments a particular role or user can access. These permissions will drive visibility and access for users throughout the system (e.g., forms, approvals). *Example:* Admin opens User Access Control tab → selects Role: General Manager → assigns: Branch: “Kuwait Main”, “Dubai Head Office” Region: “Middle East” Department: “HR”, “Finance”, “Operations” So this role has access across these selected organizational units. *PART 2: Role Permission Integration* The roles created under Role Management should automatically inherit access based on the permissions configured in the new User Access Control tab. Each role should only be able to perform actions or view data within the boundaries of the permissions given (Branch, Region, Region Unit, Department). The User Access Control configuration determines: Which Departments they can approve. Which Regions/Branches their dashboard or reports show. Which Employees they can view/manage. *Example:* If the “Regional Manager” role has access to Region: Middle East, they can: View and approve requests only from Middle East branches. See employees assigned to those regions. *PART 3: Multi-Selection in Employee Creation Form* Add multi-select dropdowns in the Employee Creation / Edit Form for: Department Region Region Unit Branch *Logic & Conditions:* If Region and Region Unit are manually created, then show multi-select option for both fields. The available options in these dropdowns should be filtered based on the permission defined in the “User Access Control” tab. *Example Behavior:* Admin creates new employee “John Smith” (General Manager). Selects multiple departments: HR, Finance, Operations. Selects multiple branches: Kuwait Main, Dubai Head Office. Based on the role assigned and access permission, John will have access to approve. *SCENARIOS & USE CASES* *Scenario 1: General Manager Access* A General Manager is responsible for approvals across multiple departments. Multi-selection allows assigning HR, Finance, and Operations departments during employee creation. So John (GM) can approve requests across all departments he’s linked to. *Scenario 2: Temporary Delegation in Absence* If a Department Manager (e.g., HR Manager) is on leave, another manager can be assigned to handle HR approvals. Through multi-selection, the temporary manager can be assigned additional department access (HR + their existing one) so work continues smoothly. ACCEPTANCE CRITERIA *1 Tab Creation* A new tab “User Access Control” appears under Admin Settings → Permission Category. *2 Acess Multi selection* Multi-selection* Fields Branch, Region, Region Unit, and Department fields must allow multi-select. *3 Permission Mapping* Admin can assign multiple branches/regions/departments to roles. *4 Role Access Control* Role permissions are restricted to the selected organizational units. *5 Employee Form Update* Multi-select options for Branch, Region, Region Unit, Department are visible during employee creation. *6 Conditional Display* Region & Region Unit multi-selection appear only if manually created. *7 Data Filtering* Employees see/manage data only from assigned branches/regions/departments. *8 Approval Access* Approvers (e.g., GM, Managers) can act on requests across assigned departments. *9 Delegation Support* Admin can easily assign additional access in the employee form for temporary coverage. *EXAMPLE DATA FLOW* Admin → Access Mapping → Assign multiple departments to Role “General Manager”. Employee “John” created with Role = General Manager → Multi-select (HR, Finance, Ops). John logs in → System fetches his assigned departments → Approvals list shows only those. If HR Manager is on leave → Admin adds HR department temporarily to another manager → That manager gains HR approval access until removed.