When automating HR use cases GDPR regulation is important.
Imagine the following use case:
-
We allow several departments to interact with an UiPath App that retrieve and update data from one data service entity. → Access to the entity in Data Service required.
-
In the UiPath App we only want them to interact with data from their department. We want to restrict access to other departments. → We can use look up functions in the App.
-
In the App the access is GDPR compliant. But a clever user could open the Data Service and has access to the whole dataset including data from the other departments.
Feedback / Change request:
It would be great, if we could deny them from opening the entity in data service while still enable them to retrieve and update the data within the App.
- One idea would be to add a further permission check box: “UiPath App access”
Yes, one could create many different Data Services with different permissions. But this would be a lot of administrative work and reduce oversight.
@ppr I haven’t found my initial request about which we were talking. Therefore, I just created it again. Maybe it will get voted this time