Restricting Access to Complaints Cases

We have a case type for complaints and it was recently noted at one of our manager meetings that complaints about staff should not be visible to everyone. Each complaint case gets assigned a complaint lead and a complaint manager and I’ve been asked to limit access to the staff complaints to these two people plus anyone with a HR user role.

When a person is added as a complaint lead a link is made with the user object by a many to one relationship from the case object. When a link is established, the user name is copied from the user object to a field on the complaint case called complaint lead. I’ve tried to create a subset on the user object to say when when the user role is equal to HR or the username is equal to the complaint lead field grant access to the user. This isn’t working because the relationship path from the user object is a one to many (images below of subset and relationship)

This isn’t working for me because of the relationship path going form user to case. Has anyone done something like this already that could provide some advice for me?

1 Like

Is this to restrict the records on a list? If so you could use the “User filter relationship” option to restrict it to Case records related to the logged in User.

For the Manager User, they would either need a separate list (as it is a different relation) for their manager cases, or you could use the same relation for both Lead and Manager but have a join Object between User and Case so you can use a single list (with e.g. booleans on the join Object to define which is the Lead join record and which is the Manager join record).

The join would also allow you to list a history of Lead and Manager histories for the case if it gets passed around (with e.g. a boolean if it is a join record for the current Lead/Manager).

When assigning complaints cases we also use the “Exclude via path” option on the assignment relation selector which limits which staff can be assigned the case (so the staff member it is about is not accidentally assigned to it). This excludes Staff records related to an excluded staff join added by the complaints team when the case comes in which is between Staff and Case objects.

Thanks for the help with this James. It’s been a while since I’ve been able to look at it. I was able to use a combination of setting a privilege for staff complaints and the use relationship path to lock it down. I added all of the user roles that should have access to the staff complaints to the privilege and then I inversed the user visibility relationship to deny access to the staff member the complaint is made against.