Appian Community
Site
Search
Sign In/Register
Site
Search
User
DISCUSS
LEARN
SUCCESS
SUPPORT
Documentation
AppMarket
More
Cancel
I'm looking for ...
State
Not Answered
Replies
36 replies
Subscribers
11 subscribers
Views
11776 views
Users
0 members are here
Share
More
Cancel
Related Discussions
Home
»
Discussions
»
Data and Records
How is everyone handling record security, when requirements require dynamic visi
Chris
over 8 years ago
How is everyone handling record security, when requirements require dynamic visibility? For instance, we require records for an application to be visible for all application administrators and also to the process initiator (initiator should only see the record for the process isntance they have initiated). Sometimes, company divisional views are necessary as well - divisional administrators should only see records for their specific division. With nearly 40 applications in production, we do not want to have 3+ records for each application. Just wondering if anyone has experience with similar situations. Thanks!
OriginalPostID-155229
OriginalPostID-155229
Discussion posts and replies are publicly visible
Parents
0
Mike Schmitt
Certified Lead Developer
over 8 years ago
In general, the first thing I'd consider doing is setting the Record's security group to something permissive (such as "Record Viewers Group" containing a wide range of users), but then use an expression rule for "Default Filter" which takes the current user and the process initiator into consideration (among other things). So for example the expression rule for default filter could check:
1) is loggedInUser = process initiator? if yes then good, if not, then:
2) is loggedInUser = member of the admin group? if yes then good, if not then don't display the record on the list.
The effect of this (plus or minus some tweaking) should be effectively that admins will see all records on the list, and users will see only those records that they initiated.
Cancel
Vote Up
0
Vote Down
Sign in to reply
Verify Answer
Cancel
Reply
0
Mike Schmitt
Certified Lead Developer
over 8 years ago
In general, the first thing I'd consider doing is setting the Record's security group to something permissive (such as "Record Viewers Group" containing a wide range of users), but then use an expression rule for "Default Filter" which takes the current user and the process initiator into consideration (among other things). So for example the expression rule for default filter could check:
1) is loggedInUser = process initiator? if yes then good, if not, then:
2) is loggedInUser = member of the admin group? if yes then good, if not then don't display the record on the list.
The effect of this (plus or minus some tweaking) should be effectively that admins will see all records on the list, and users will see only those records that they initiated.
Cancel
Vote Up
0
Vote Down
Sign in to reply
Verify Answer
Cancel
Children
No Data