eADM

Using the Position Filter

This guide explains how to use the position filter to exclude specific employee positions when importing employees into eADM. This is useful for automated access management, preventing users with certain roles (e.g., foster homes) from being accidentally added to access groups for related services (e.g., child protective services).



How it works

The position filter removes specified roles from an employee's profile, which is particularly useful for public sector clients where individuals often hold multiple positions or roles.

For example, an employee, such as a teacher, may also serve as a foster parent or be elected to the local council.

You can set up a filter to exclude roles such as contract work, elected officials, or foster care positions. Such roles typically appear in a municipality’s HR system only because they are eligible for some form of compensation, but they are not “employed positions” in the traditional sense and should not be granted access to the system.

The position filter effectively eliminates any positions that should not be considered for role-based access control, retaining only the relevant positions, such as the “teacher” role. This ensures that excluded positions are not evaluated for role-based access management.

Warning: If a filtered position is the user's only position, their account will be left without a primary position. This may cause the main account filter to deactivate the user account.



The "Calculate primary position" function

To prevent accidental deactivation, the "Calculate primary position" function can be used. When a user's primary position is removed, this function automatically assigns another of their active positions as the new primary position. This ensures that the user account remains active and correctly linked within the system, for example, to their line manager.



Filter scenarios and outcomes

The result of filtering depends on whether the "Calculate primary position" function is enabled.

| Scenario | Filter Results | Consequence |
|---|---|---|
| The filtered position is the user's only position. | The primary position is filtered out. | The user account has no active positions and will likely be deactivated by the main filter. |
| The filtered position is the primary position, and the user has other positions. "Calculate primary position" is disabled. | The primary position is filtered out; the secondary position is retained. | The user appears in the system without a primary position and loses contact with their line manager. |
| The filtered position is the primary position, and the user has other positions. "Calculate primary position" is enabled. | The primary position is filtered out; the secondary position is retained and recalculated as the new primary position. | The user appears in the system with a new, calculated primary position and remains under the supervision of their line manager. |
| The filtered position is a secondary position. | The secondary position is filtered out. | The user appears in the system as usual, but without the filtered secondary position. |


Example: Filtering a secondary position

In this example, an employee holds a primary position but also has a secondary role as a freelance singer. We want to remove the "freelance singer" position and its associated access rights.

We can create a filter rule that removes any position where the Position Type (Job Type) attribute is "O" (which corresponds to "Caregiver pay/Contractor").

Before filtering: The user has two positions.

Filter configuration:

  • Rule Set: Position Filter

  • Attribute: Position Type (Job Type)

  • Condition: Is one of

  • Argument: O

After filtering: After the next synchronization, the secondary position is removed, along with any access associated with it.

Note: The position filter must be enabled by Identum. Please contact our support team to set up a position filter for your organization.
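
The four scenarios from the table above, together with the Position Type "O" rule from the example, as an added Python model of the filter logic. It is not Identum's code: the `Position` fields, the "F" job type and the choice of the first remaining position as the new primary are assumptions made for illustration.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Position:
    title: str
    job_type: str            # assumed field for "Position Type (Job Type)"
    primary: bool = False

DEACTIVATION_RISK = "no positions left; main account filter may deactivate the account"
UNCHANGED = "primary position kept"
RECALCULATED = "new primary position calculated"
NO_PRIMARY = "no primary position; link to line manager lost"

def apply_position_filter(positions, excluded_types, calculate_primary=False):
    """Apply an 'Is one of' rule on job type; return (kept positions, outcome)."""
    kept = [p for p in positions if p.job_type not in excluded_types]
    if not kept:
        return kept, DEACTIVATION_RISK
    if any(p.primary for p in kept):
        return kept, UNCHANGED
    if calculate_primary:
        # Assumption: promote the first remaining position. The page does not say
        # how eADM picks among several remaining positions.
        kept[0] = replace(kept[0], primary=True)
        return kept, RECALCULATED
    return kept, NO_PRIMARY

# Constructed sample records; "F" is a made-up code for an ordinary employment.
TEACHER = Position("Teacher", "F", primary=True)
SINGER = Position("Freelance singer", "O")
FOSTER_ONLY = [Position("Foster parent", "O", primary=True)]
FOSTER_PRIMARY = [Position("Foster parent", "O", primary=True),
                  Position("Teacher", "F")]

if __name__ == "__main__":
    rule = {"O"}  # Argument from the filter configuration on this page
    cases = [
        ("only position filtered", FOSTER_ONLY, False),
        ("primary filtered, calculation off", FOSTER_PRIMARY, False),
        ("primary filtered, calculation on", FOSTER_PRIMARY, True),
        ("secondary filtered", [TEACHER, SINGER], False),
    ]
    for name, positions, calc in cases:
        kept, outcome = apply_position_filter(positions, rule, calc)
        print(f"{name}: {[(p.title, p.primary) for p in kept]} -> {outcome}")
```

Running the same logic over an HR export before a rule goes live shows which accounts would end up without any position.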