How is everyone handling record security, when requirements require dynamic visi

Chris over 8 years ago

How is everyone handling record security, when requirements require dynamic visibility? For instance, we require records for an application to be visible for all application administrators and also to the process initiator (initiator should only see the record for the process isntance they have initiated). Sometimes, company divisional views are necessary as well - divisional administrators should only see records for their specific division. With nearly 40 applications in production, we do not want to have 3+ records for each application. Just wondering if anyone has experience with similar situations. Thanks!

Discussion posts and replies are publicly visible

Parents

0 Chris over 8 years ago

Exactly - the primary goal is to control permissions at the record level itself instead of within the process model design, if possible. On my previous comment, are there any work-arounds you know of for this method other than creating a CDT boolean field always defaulted to true() for use in the default filter 'Field' value? Then for the Value we would use an expression such as:

=or(loggedinuser() = touser(CDT_XXX.ProcessInitiator),doesuserbelongtogroup(loggedinuser(),getgroupnamed("Admin Group Here")))
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Reply

0 Chris over 8 years ago

Exactly - the primary goal is to control permissions at the record level itself instead of within the process model design, if possible. On my previous comment, are there any work-arounds you know of for this method other than creating a CDT boolean field always defaulted to true() for use in the default filter 'Field' value? Then for the Value we would use an expression such as:

=or(loggedinuser() = touser(CDT_XXX.ProcessInitiator),doesuserbelongtogroup(loggedinuser(),getgroupnamed("Admin Group Here")))
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Children

No Data