Hi ,
I have a requirement where we will be having around 90 case types and I have groups for each case type (90 groups). I need to provide a record level security for each cases . For eg: if I am part of Address group I can see only address cases in the record. I am planning to use Security expression instead of security rule since there are around 90 case types. I created an array constant containing all the groups with group type and also with the text type.
I was trying to use for each loop and query filters.
local!group constant contains all the 90 groups in group type
local!groupassignee constant contains all the 90 groups in text type.
Please suggest me any approach where we can provide record level security for 90 cases.
Thank you
a!localVariables( local!group:cons!PSP_ALL_GROUPS, local!gropAssignee:cons!PSP_ALL_GROUP_TXT, if( a!forEach( items: local!gropAssignee, expression:a!queryLogicalExpression( operator: "AND", filters: a!queryFilter( field:'recordType!{d04e87fb-d9c5-48ef-a7b6-e7c4e6c81462}PSP Case.fields.{c14f8be7-fd69-4376-9fec-07b1580b8fb6}assignee', operator: "=", value:fv!item, applyWhen: a!isUserMemberOfGroup(loggedInUser(),local!group[fv!index]) ), logicalExpressions: a!queryLogicalExpression( operator: "OR", filters:{ /*a!queryFilter(*/ /*field:'recordType!{d04e87fb-d9c5-48ef-a7b6-e7c4e6c81462}PSP Case.fields.{c14f8be7-fd69-4376-9fec-07b1580b8fb6}assignee',*/ /*operator: "=",*/ /*value:fv!item,*/ /*applyWhen: a!isUserMemberOfGroup(loggedInUser(),local!group[fv!index])*/ /*),*/ a!queryFilter( field:'recordType!{d04e87fb-d9c5-48ef-a7b6-e7c4e6c81462}PSP Case.relationships.{ca74045f-3a4a-4284-86ae-a4d6d7744e45}status.fields.{d23ca31a-c9ef-4251-bd96-80178354dd3c}id', operator: "=", value:1, applyWhen: a!isUserMemberOfGroup(loggedInUser(),local!group[fv!index]) ), a!queryFilter( field:'recordType!{d04e87fb-d9c5-48ef-a7b6-e7c4e6c81462}PSP Case.relationships.{ca74045f-3a4a-4284-86ae-a4d6d7744e45}status.fields.{d23ca31a-c9ef-4251-bd96-80178354dd3c}id', operator: "=", value:2, applyWhen: a!isUserMemberOfGroup(loggedInUser(),local!group[fv!index]) ), a!queryFilter( field:'recordType!{d04e87fb-d9c5-48ef-a7b6-e7c4e6c81462}PSP Case.relationships.{ca74045f-3a4a-4284-86ae-a4d6d7744e45}status.fields.{d23ca31a-c9ef-4251-bd96-80178354dd3c}id', operator: "=", value:3, applyWhen: a!isUserMemberOfGroup(loggedInUser(),local!group[fv!index]) ) } ), ) ), true(), false() ) )
Discussion posts and replies are publicly visible
Wouldn't it be simpler to simply have a map that ties a group to a case type?
You can then create a Service Backed Record Type based on this map and then create a Relationship with the Case Record to retrieve the group for the Case Type and provide it in your rule.
Hello Mathieu Drouin .To construct map we need to create 90 group constants which we want to avoid. Please suggest the ideal way to validate the logged in user belongs to that group to filter out the records .
- Expose an API exposes group IDs and associated UUIDs (use the getgroupuuid in People Functions plugin)
- Create a Service Backed Record type called Group based on that API
- Create a Database backed Record Type (Case_Type_Group) that maps a Case Type to a Group UUID (this would replace the case type / group map)
- Create a relationship between Case Type and the Case_Type_Group and another relationship between Case_Type_Group and Group
Thank you for the reply Mathieu Drouin Will check this approach.