Hi ,
I have a requirement where we will be having around 90 case types and I have groups for each case type (90 groups). I need to provide a record level security for each cases . For eg: if I am part of Address group I can see only address cases in the record. I am planning to use Security expression instead of security rule since there are around 90 case types. I created an array constant containing all the groups with group type and also with the text type.
I was trying to use for each loop and query filters.
local!group constant contains all the 90 groups in group type
local!groupassignee constant contains all the 90 groups in text type.
Please suggest me any approach where we can provide record level security for 90 cases.
Thank you
a!localVariables( local!group:cons!PSP_ALL_GROUPS, local!gropAssignee:cons!PSP_ALL_GROUP_TXT, if( a!forEach( items: local!gropAssignee, expression:a!queryLogicalExpression( operator: "AND", filters: a!queryFilter( field:'recordType!{d04e87fb-d9c5-48ef-a7b6-e7c4e6c81462}PSP Case.fields.{c14f8be7-fd69-4376-9fec-07b1580b8fb6}assignee', operator: "=", value:fv!item, applyWhen: a!isUserMemberOfGroup(loggedInUser(),local!group[fv!index]) ), logicalExpressions: a!queryLogicalExpression( operator: "OR", filters:{ /*a!queryFilter(*/ /*field:'recordType!{d04e87fb-d9c5-48ef-a7b6-e7c4e6c81462}PSP Case.fields.{c14f8be7-fd69-4376-9fec-07b1580b8fb6}assignee',*/ /*operator: "=",*/ /*value:fv!item,*/ /*applyWhen: a!isUserMemberOfGroup(loggedInUser(),local!group[fv!index])*/ /*),*/ a!queryFilter( field:'recordType!{d04e87fb-d9c5-48ef-a7b6-e7c4e6c81462}PSP Case.relationships.{ca74045f-3a4a-4284-86ae-a4d6d7744e45}status.fields.{d23ca31a-c9ef-4251-bd96-80178354dd3c}id', operator: "=", value:1, applyWhen: a!isUserMemberOfGroup(loggedInUser(),local!group[fv!index]) ), a!queryFilter( field:'recordType!{d04e87fb-d9c5-48ef-a7b6-e7c4e6c81462}PSP Case.relationships.{ca74045f-3a4a-4284-86ae-a4d6d7744e45}status.fields.{d23ca31a-c9ef-4251-bd96-80178354dd3c}id', operator: "=", value:2, applyWhen: a!isUserMemberOfGroup(loggedInUser(),local!group[fv!index]) ), a!queryFilter( field:'recordType!{d04e87fb-d9c5-48ef-a7b6-e7c4e6c81462}PSP Case.relationships.{ca74045f-3a4a-4284-86ae-a4d6d7744e45}status.fields.{d23ca31a-c9ef-4251-bd96-80178354dd3c}id', operator: "=", value:3, applyWhen: a!isUserMemberOfGroup(loggedInUser(),local!group[fv!index]) ) } ), ) ), true(), false() ) )
Discussion posts and replies are publicly visible
Did you consider to store the case type specific group ID to each case record and just use a simple security rule? That would be my go-to approach.
Will the group ID be the same in all environments Stefan Helzle ??
I am storing the assignee where the assignee will be a group. Previously there were only 6 case types and I provided the security based on the assignee. Now there are around 90 case types. I am trying to avoid providing the security for each cases individually since it is a long process. With the group Id I am not sure how to achieve this.
Is there a possibility to create a table for the groups which contains Appian group Ids and have these Ids mapped in the Case Types? This would make things much easier and less complicated. But when moving it to the Higher environment you will have to update the Group Ids in the Group table via running a script.
Why is that important? You will not copy any data from DEV to TEST to PROD. And if you do, then let's talk about why you do that.
I thought we would use group Ids as a lookup table to relate to particular case types
In my mind, case type and access group id are two completely different things, must be stored in separate fields and not be used for any other purpose.