Restrict class by ROLE (vs. user)
Goal: Restrict user access by classification based on the role they are using.
The classification setting is set on a given user. I have a need for a given user to be able to set a transaction level class, but want to leverage the restrictions as described here:
under each role.
Example: User has 2 roles available. Each role should force transactions to have a given class. Using the Restricting Accounts for Roles recommendation and Employee Restrictions and Class Restrictions I can restrict a user's access to 1 class only as the class setting is on the USER. So, in my implementation, I created 2 roles. One role is setup as described and successfully restricts a user's behavior such that all trans have the correct class. The second role is setup by naming convention to be the 2nd class, but in reality the users can select either class. Thus in that situation, the user is able to set the wrong class on a given transaction.