<?xml version="1.0" encoding="UTF-8" ?>
<?xml-stylesheet type="text/xsl" href="https://community.appian.com/cfs-file/__key/system/syndication/rss.xsl" media="screen"?><rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:slash="http://purl.org/rss/1.0/modules/slash/" xmlns:wfw="http://wellformedweb.org/CommentAPI/"><channel><title>I have an Appian Security Design question. I have designed a Contract Request Ap</title><link>https://community.appian.com/discussions/f/data/5276/i-have-an-appian-security-design-question-i-have-designed-a-contract-request-ap</link><description>I have an Appian Security Design question. I have designed a Contract Request App where security is paramount. The security requirements include 2 basic security roles: 1 - Observers allowed to view all contracts. (ex. CIO and members of contracting office</description><dc:language>en-US</dc:language><generator>Telligent Community 12</generator><item><title>RE: I have an Appian Security Design question. I have designed a Contract Request Ap</title><link>https://community.appian.com/thread/19708?ContentTypeID=1</link><pubDate>Fri, 03 Jul 2015 03:05:12 GMT</pubDate><guid isPermaLink="false">d3a83456-d57b-489c-a84c-4e8267bb592a:598bba80-5683-490c-9090-5f99e005aedd</guid><dc:creator>Andrew P Gramann</dc:creator><description>Perhaps should all app users be allowed to view the Record and then put security on each Process Instance resulting in them only being able to see the Records they're allowed?&lt;br /&gt;&lt;br /&gt;This is the way to do it for process backed records.  
Additionally, a!queryRecord() takes security into account when it is executed, so you can develop reports against your record type that still respect record level security.&lt;br /&gt;&lt;br /&gt;Appian COE has written up the best practice for record level security on Data Entity backed records here &lt;a href="https://forum.appian.com/suite/help/7.9/Record_Level_Security_for_Entity_Backed_Records_Best_Practice.html"&gt;forum.appian.com/.../Record_Level_Security_for_Entity_Backed_Records_Best_Practice.html&lt;/a&gt;&lt;div style="clear:both;"&gt;&lt;/div&gt;</description></item><item><title>RE: I have an Appian Security Design question. I have designed a Contract Request Ap</title><link>https://community.appian.com/thread/19707?ContentTypeID=1</link><pubDate>Fri, 03 Jul 2015 03:01:13 GMT</pubDate><guid isPermaLink="false">d3a83456-d57b-489c-a84c-4e8267bb592a:ed807b08-ac6b-414d-a0ee-1c51560aa57d</guid><dc:creator>nathan.schmitz</dc:creator><description>Having per instance process security using process backed records is probably the simplest approach.  However, processes must be archived at some point (preferably soon) after completion at which point the process will no longer be visible.  If this is unacceptable, you should consider using entity backed records and implementing security as part of the default filter.  This will enable users to continue to see the record even after process instances are archived.&lt;div style="clear:both;"&gt;&lt;/div&gt;</description></item><item><title>RE: I have an Appian Security Design question. I have designed a Contract Request Ap</title><link>https://community.appian.com/thread/19683?ContentTypeID=1</link><pubDate>Thu, 02 Jul 2015 21:29:50 GMT</pubDate><guid isPermaLink="false">d3a83456-d57b-489c-a84c-4e8267bb592a:01f6a4d1-a7d6-45e5-9b8e-ae7e36b2928b</guid><dc:creator>greggl</dc:creator><description>...process via the News but not all the other contract Records. 
&lt;br /&gt;&lt;br /&gt;However, this is not a good user experience. The documents attached to the Record, and latest data, are only visible via the Record. I am wondering if there is a better way? Perhaps should all app users be allowed to view the Record and then put security on each Process Instance resulting in them only being able to see the Records they're allowed? &lt;br /&gt;&lt;br /&gt;In other words, what is the best security architecture to allow users identified at process run-time to see only the Records they are participating in the process and no other records for the same process model?&lt;br /&gt;&lt;br /&gt;Thanks,&lt;br /&gt;Gregg&lt;div style="clear:both;"&gt;&lt;/div&gt;</description></item></channel></rss>