Attention: Confluence is not suitable for the storage of highly confidential data. Please ensure that any data classified as Highly Protected is stored using a more secure platform.
If you have any questions, please refer to the University's data classification guide or contact ict.askcyber@sydney.edu.au
Skip to end of banner
Go to start of banner

TAPSS-2188 Activity and Details Visibility - TAP wide

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this content. View the current version.

Compare with Current View Version History

« Previous Version 7 Next »

Target release

Q42024

Epic

TAPSS-2039 - Getting issue details... STATUS

Document status

DRAFT

Document owner

rommel.ngo

Designer

rommel.ngo

Tech lead

rommel.ngo

Technical writers

rommel.ngo

QA

Sushma Ramachandrappa

🎯 Objective

As a Jarvis user I want that everyone(TAP & Outside of TAP such as Trust, CCE, Audit) can see activity data, but only TAP team can see the contents of it. So that TAP team can see all the Activities and the details of those activities but Outside TAP team can only see that there are activities.

\uD83D\uDCCA Acceptance Criteria / Requirements

Requirement

User Story

Importance

Notes

AC1

Given I am a TAP team member

When I look at activities (all items in Activity timeline, Task, Event, EamailMessage)

Then I can see all activities with the details (contents)

TAPS-2188

HIGH

 AC2

Given I am a Outside TAP team member (CCE, Trust, Audit)

When I look at activities (all items in Activity timeline, Task, Event, EamailMessage)

Then I can see all activities without the details (contents)

 TAPS-2188

 HIGH

 

AC3

Given I am not TAP user at all (future organisation who wishes to join in Jarvis)

When I look at activities (all items in Activity timeline, Task, Event, EamailMessage)

Then I can not see any records at all

TAPS-2188

HIGH

\uD83E\uDD14 Assumptions

  • Wellbeing is already out of the Jarvis by Go Live / User Acceptance Testing

  • TAP Members are defined by

    image-20241001-042724.png

\uD83C\uDFA8 User interaction and design

(question) Open Questions

Question

Answer

Date Answered

How doe we control EmailMessage visibility.

It does not have OWD settings

It does not have Restriction rule unlike Task and Event

image-20241001-040559.png

(warning) Out of Scope

  • As we do not know who in the future will be joining Jarvis, it should be noted that they need to actively exclude Non TAP users from ever having access to any TAP Activities. Using Restriction rule have its consideration, one of which is :
    Before creating restriction rules, we recommend that you Turn Off Salesforce Classic for Your Org. Salesforce can't guarantee that restriction rules work as intended for end users who are in the Salesforce Classic experience.

🪶Impact Analysis

Activities - Private (AS IS)

Activities - Controlled by Parent (TO BE)

TAP Users

  • Only the owner of the Activity can see their respective Activities.

  • Users who are above of another user in Role Hierarchy can see all Activities owned by users in lower levels

  • This limits cross team collaboration.

  • Risk of reduced operational efficiency if data is not visible to teams that need it.

  • visibility of Activities are based on whether the user has access to the parent object of the Activity.

  • when Activities are parented to a Public object such as Opportunity, Contact and Account, the Activities are viewable

  • Potential security concerns since there is no data segregation within TAP

Non Tap Users

  • Cannot see activities owned by TAP users unless they are positioned higher than TAP users in Role Hierarchy

Proof of Concept : Making Task OWD Sharing to Controlled by Parent,

  1. Change OWD

    image-20240723-041740.png

  2. create a task using WB user

    image-20240723-042323.png

    image-20240723-042437.png

  3. Login as TAP User, activity created by WB user is not visible

    image-20240723-042622.png

  4. Create a Task whilst logged on as TAP user

    image-20240723-042755.pngimage-20240723-042851.png

  5. Log back in as WB user. TAP task is not visible

    image-20240723-043016.png

  6. Login as Admin, as a TAP admin, restriction rule still persist

    image-20240723-043122.png

  7. Disable Restriction Rules

    image-20240723-043242.png

  8. Both TAP and WB Task are visible

    image-20240723-043323.png

  9. Enable back the restriction rules

    image-20240723-043556.png

  10. change contact owner to WB user

    image-20240723-043658.png

  11. Log back in as WB user, on WB task is visible still

    image-20240723-043751.png

  • No labels