Hi ,
I have a requirement where we will be having around 90 case types and I have groups for each case type (90 groups). I need to provide a record level security for each cases . For eg: if I am part of Address group I can see only address cases in the record. I am planning to use Security expression instead of security rule since there are around 90 case types. I created an array constant containing all the groups with group type and also with the text type.
I was trying to use for each loop and query filters.
local!group constant contains all the 90 groups in group type
local!groupassignee constant contains all the 90 groups in text type.
Please suggest me any approach where we can provide record level security for 90 cases.
Thank you
a!localVariables( local!group:cons!PSP_ALL_GROUPS, local!gropAssignee:cons!PSP_ALL_GROUP_TXT, if( a!forEach( items: local!gropAssignee, expression:a!queryLogicalExpression( operator: "AND", filters: a!queryFilter( field:'recordType!{d04e87fb-d9c5-48ef-a7b6-e7c4e6c81462}PSP Case.fields.{c14f8be7-fd69-4376-9fec-07b1580b8fb6}assignee', operator: "=", value:fv!item, applyWhen: a!isUserMemberOfGroup(loggedInUser(),local!group[fv!index]) ), logicalExpressions: a!queryLogicalExpression( operator: "OR", filters:{ /*a!queryFilter(*/ /*field:'recordType!{d04e87fb-d9c5-48ef-a7b6-e7c4e6c81462}PSP Case.fields.{c14f8be7-fd69-4376-9fec-07b1580b8fb6}assignee',*/ /*operator: "=",*/ /*value:fv!item,*/ /*applyWhen: a!isUserMemberOfGroup(loggedInUser(),local!group[fv!index])*/ /*),*/ a!queryFilter( field:'recordType!{d04e87fb-d9c5-48ef-a7b6-e7c4e6c81462}PSP Case.relationships.{ca74045f-3a4a-4284-86ae-a4d6d7744e45}status.fields.{d23ca31a-c9ef-4251-bd96-80178354dd3c}id', operator: "=", value:1, applyWhen: a!isUserMemberOfGroup(loggedInUser(),local!group[fv!index]) ), a!queryFilter( field:'recordType!{d04e87fb-d9c5-48ef-a7b6-e7c4e6c81462}PSP Case.relationships.{ca74045f-3a4a-4284-86ae-a4d6d7744e45}status.fields.{d23ca31a-c9ef-4251-bd96-80178354dd3c}id', operator: "=", value:2, applyWhen: a!isUserMemberOfGroup(loggedInUser(),local!group[fv!index]) ), a!queryFilter( field:'recordType!{d04e87fb-d9c5-48ef-a7b6-e7c4e6c81462}PSP Case.relationships.{ca74045f-3a4a-4284-86ae-a4d6d7744e45}status.fields.{d23ca31a-c9ef-4251-bd96-80178354dd3c}id', operator: "=", value:3, applyWhen: a!isUserMemberOfGroup(loggedInUser(),local!group[fv!index]) ) } ), ) ), true(), false() ) )
Discussion posts and replies are publicly visible
Did you consider to store the case type specific group ID to each case record and just use a simple security rule? That would be my go-to approach.
Will the group ID be the same in all environments Stefan Helzle ??
Why is that important? You will not copy any data from DEV to TEST to PROD. And if you do, then let's talk about why you do that.
I thought we would use group Ids as a lookup table to relate to particular case types
In my mind, case type and access group id are two completely different things, must be stored in separate fields and not be used for any other purpose.