Combining Data Limitations
When a user has more than one function in the company, this is usually reflected by the user being assigned to multiple roles in People Planner.
Each role has its own set of privileges and its own set of associated data limitations. It is, therefore, relevant to discuss how data limitations are combined.
A public data limitation is essentially the same as a user data limitation, the only difference being that the administrator, not the user, creates it. A user can have a maximum of one user or public data limitation that is active at the same time. In contrast, you can have more than one system data limitation active through the roles that the user is assigned to.
This means that there are two possible types of basic combinations to consider:
- A system data limitation combined with another system data limitation
- A system data limitation combined with a user or public data limitation
Combined System Data Limitations
Rule 1: System Data Limitations are additive: If one of the system data limitations allows a user to see some specific data, that data should be visible, even if the other system data limitations do not allow that same user to see that data.
Were it not so, assigning more and more roles to a user would result in that user being able to do less and less work because less data would be visible with each new system data limitation (SysDL).
| SysDL1 | SysDL2 | SysDL1 + SysDL2 | |
|---|---|---|---|
| Allow a user to see a partial set of data | Yes | Yes | Yes |
| Yes | No | Yes | |
| No | Yes | Yes |
System Data Limitation Combined with a User or Public Data Limitation
Rule 2: System data limitations overrule user or public data limitations: A user or public data limitation may never give a user rights to see data that a system data limitation prevents that user from seeing.
Rule 3: Public or user limitations are subtractive: If a user data limitation dictates that a user does not want to see some specific set of data, that data should not be visible, even if the system data limitation (SysDL) otherwise allows that user to see the data.
| SysDL | UserDL | SysDL + UserDL | |
|---|---|---|---|
| Allow a user to see a partial set of data | Yes | Yes | Yes |
| Yes | No | No | |
| No | Yes | No | |
| No | No | No |
Multiple System Data Limitations Combined with a User Data Limitation
The three rules are trivially expanded to cover cases where there are several system data limitations, and they are combined with a single public or user data limitation.
The following table shows the example of three system data limitations (SysDL) combined with a public or user data limitation (UserDL). Bold text indicates where the additive-rule of the system data limitations dictates that the specific data should be visible in the Ccombined data limitation. Italic text indicates where the subtractive rule of Public or User Data Limitation overrules this and dictates that the data should not be visible after all.
| SysDL1 | SysDL2 | SysDL3 | UserDL1 | Combined DL | |
|---|---|---|---|---|---|
| Allow a user to see a partial set of data | Yes | Yes | Yes | Yes | Yes |
| Yes | Yes | Yes | No | No | |
| Yes | Yes | No | Yes | Yes | |
| Yes | Yes | No | No | No | |
| Yes | No | Yes | Yes | Yes | |
| Yes | No | Yes | No | No | |
| Yes | No | No | Yes | Yes | |
| Yes | No | No | No | No | |
| No | Yes | Yes | Yes | Yes | |
| No | Yes | Yes | No | No | |
| No | Yes | No | Yes | Yes | |
| No | Yes | No | No | No | |
| No | No | Yes | Yes | Yes | |
| No | No | Yes | No | No | |
| No | No | No | Yes | No | |
| No | No | No | No | No |