How to have Record Level Security for my Appian Application?

Question

Hi, 
 I have a use case where while updating an already created Form, I want to limit the user to only update a particular attribute / field in the form where the rest shows as "Read-Only"

For example, in the above case, I want to give an access to only update the Ownership % for particular users, and rest fields be "read-only".

Harsha Sharma · Answer

You can create an additional rule input of boolean type say ri!isRelatedAction. Within the related action interface pass this boolean as true. And in the interface set readonly as ri!isRelatedAction against all the form fields except Ownership %. 
 If you already have readonly set to some variable or value then have the newly created rule input within an or() function. like readOnly:or(ri!readOnly,ri!isRelatedAction) 
 Next, check the dependents of this interface and pass false for the value against ri!isRelatedAction. So that in all other places the change doesn't cause any other regression issues.

Harshit Bumb (Appyzie) · Answer

Hi Atishay, 
 You can directly apply this logic in the individual component's readonly or disabled property. You can check if the loggedInUser() is a part of a specific group, then only these fields should be enabled. Else, you can show when disabled. Or vice versa. 
 You can also include checks like if this is an update action. If you are using the same interface for create and update actions, then you can have an additional RI to pass if this interface is being opened in context to updating. Something like isUpdate. Pass true in it while using in related action (update), and false when passing in action (create).

Mike Schmitt · Answer

AtishayJain said: h ow can this logic be applied to only allow a specific "group" of user to edit "Ownership %" field? 
 This would use the exact same logic as posted earlier in this thread, FWIW. 
 In sort: 
 
 In your SAIL code, you'd check whether a user is a member of this group (store this result in a local variable etc) 
 Base logic of the editability of whatever field(s) you want on the results of that initial check, and in combination with any other factor(s) you might come across.

How to have Record Level Security for my Appian Application?

Top Replies