Appian Community
Site
Search
Sign In/Register
Site
Search
User
DISCUSS
LEARN
SUCCESS
SUPPORT
Documentation
AppMarket
More
Cancel
I'm looking for ...
State
Not Answered
Replies
3 replies
Subscribers
11 subscribers
Views
1738 views
Users
0 members are here
Share
More
Cancel
Related Discussions
Home
»
Discussions
»
Data and Records
I have an Appian Security Design question. I have designed a Contract Request Ap
greggl
over 8 years ago
I have an Appian Security Design question. I have designed a Contract Request App where security is paramount. The security requirements include 2 basic security roles:
1 - Observers allowed to view all contracts. (ex. CIO and members of contracting office group)
2 - The Requestor / process initiator and reviewers selected from form drop-downs to review can only see the requests they are a participant on.
After much review of the Security configuration options of all Appian components, I designed a solution whereby the Observers can see all the request Records and a Report of all processes and tasks. And then process participants (Initiators and Reviewers) can only see the News and when Tasks are specially assigned to them. They can not see the Record or Report. And the News postings are restricted to the participants of that process instance and the Observers group. This technically works as it allows Participants to see the current status of their ...
OriginalPostID-154936
OriginalPostID-154936
Discussion posts and replies are publicly visible
Parents
0
nathan.schmitz
Certified Associate Developer
over 8 years ago
Having per instance process security using process backed records is probably the simplest approach. However processes must be archived at some point (preferably soon) after completion at which point the process will no longer be visible. If this is unacceptable, you should consider using entity backed records and implementing security as part of the default filter. This will enables users to continue to see the record even after process instances are archived.
Cancel
Vote Up
0
Vote Down
Sign in to reply
Verify Answer
Cancel
Reply
0
nathan.schmitz
Certified Associate Developer
over 8 years ago
Having per instance process security using process backed records is probably the simplest approach. However processes must be archived at some point (preferably soon) after completion at which point the process will no longer be visible. If this is unacceptable, you should consider using entity backed records and implementing security as part of the default filter. This will enables users to continue to see the record even after process instances are archived.
Cancel
Vote Up
0
Vote Down
Sign in to reply
Verify Answer
Cancel
Children
No Data