Hyland

Jacob_Morrison · ‎09-24-2020

Our HR department has been scanning employee records for a little over a year. They would like to expand access to departments with the idea that departments upload documents they generate (e.g. performance appraisals, policy sign-off forms, etc.) directly into OnBase and have them go into the HR employee record. I can think of a few different ways to implement this, and I am wondering what strategy others have used to manage HR employee records while providing restricted access to departments such that departments can only access records for their own employees. Given the following conditions...

Departments generate some employee records while HR generates others.
Some department records are maintained only by the department (internal department policy sign-offs, certain memos, etc.). Others are sent to HR.
Departments need access to the records they generate as well as certain documents in the HR employee record.
Departments cannot see records for employees in other departments.
If an employee transfers between departments, certain documents are still not accessible to the new department.

Do you use any of the following strategies, or do you suggest something different?

Option 1: Use a Security Keyword on the documents, grant departments access to specific document types, and grant them access to the HR - Employee Records File Cabinet. Pros: Single copy of documents; less configuration. Cons: Departments would all need to use the same document types and folder layout as HR; Departments would need to see all employee folders even if they could not see the documents within them.

Option 2: Each department has their own set of employee document types, and use a workflow to copy documents to the HR document types. Pros: Customizable document types and folders for each department; easier security configuration. Cons: Duplicate documents; more workflow and logic management.

Option 3: Use a single set of document types, but use WorkView to have an object for each employee that links to the employee's documents. Use filters to restrict department access to employee objects and security keywords to restrict access to documents. Pros: Easy searching for employees; no document duplication. Cons: More complex configuration

Thank you.

Update: We chose to go with option #1 while allowing departments to have their own document types for internal policies or other documents not used directly by HR. They need to fit into the HR folder structure and HR has view access to those department specific document types so they can see the entire employee file. We are about to start a pilot with one of our larger departments, so we will see how it goes.

Matt_Lutz · ‎09-24-2020

We do this. It's a complicated headache (we have a workforce of 2700 FTEs and hundreds of seasonal workers). We probably have 200 security groups for employee-related records. Too many departments want special permissions for individual employees which we generally refuse. We stick to groups and what one employee in the group gets, it applies to others in the group too. With this policy, some departments consent, others decide the employee doesn't in fact need the requested access. We use DeptID as our Security Keyword to control access where the employee transfers to each new department.

The headache is quality of data entry. Far too often, the indexers don't pay attention to the AFKS results and simply pick the top row of data (where the employee works today), despite the fact the document is from 1999 and they should have scrolled thru the AFKS results to pick the department where the employee was stationed in 1999.

To account for frequent name changes, we do use SSN and EmployeeID as identifiers. We are contemplating some other strategy to permit us to cease using SSN.

Debbie_Scaccian · ‎09-25-2020

Our departments have a department number . By making the department number a security keyword we are able to let them add records and access the existing records in HR and only see their own.

Stephanie_Macug · ‎09-25-2020

We too are right about where you are Jacob - almost all employee files have been scanned into OnBase, but for now, only HR has access. Initial thoughts are that long term we will have a workflow LC that allows users and departments to import documents, but have an approval/verification that routes through HR to ensure that first the document belongs in the employee file, and second, it's categorized and indexed appropriately within the file cabinet.

We did create an autofill KW set that links to our ERP so all documents have, at minimum, the employee ID on them. The autofill also contains the name, position, hire date, etc. for employees based on the type of document. The employee ID will then become a security KW on each employee so they can access their entire file (likely through web client). We are aiming to also set up security KW's for departments as we have the same constraint that departments do not need to see every document in the employees file. This could get messy, but I'd like to see if there is a way that we can link our position budgeting org structure that's in ERP to OnBase so that as employees move teams/departments, manager access also updates.

I'll be curious to see what others suggest as we are probably 6 months away from kicking off this project.

Hyland

Strategy for Employee Record Configuration Across Departments