Sorry for the vague title. My brain just couldn't think of anything else.
I have a commission report and I just can't seem to come up with a path to get the PDP set up correctly.
I have 3 distinct levels of access:
Role level: Salesperson can see only their personal rows. Supervisor can see the rows of everyone that reports to them. Same for Division Manager and Regional Manager. I have this set up using managed attributes. All users are in a Commission AD Group that gives them access to the report.
Corporate/Admin level: Commission Admin AD Group assigned to the All Rows policy.
Office Manager level: This is the one I can't figure out. I need office managers to be able to see all records for their Division. I have an AD group for Office Managers and different AD groups for all of the Divisions. I have given the Office Managers access to the report, but if I use the Division AD Groups for the PDP, won't that give everyone in the above-mentioned Commission AD Group (salesperson, supervisors, etc.) access to those rows?
How can I limit the Role level users to very specific row-level access while giving Office Managers a higher level of row-level access? Note that the Division AD Groups are used company-wide; therefore, I can't change who is in them.