Appian Community
Site
Search
Sign In/Register
Site
Search
User
DISCUSS
LEARN
SUCCESS
SUPPORT
Documentation
AppMarket
More
Cancel
I'm looking for ...
State
Not Answered
Replies
36 replies
Subscribers
11 subscribers
Views
12105 views
Users
0 members are here
Share
More
Cancel
Related Discussions
Home
»
Discussions
»
Data and Records
How is everyone handling record security, when requirements require dynamic visi
Chris
over 9 years ago
How is everyone handling record security, when requirements require dynamic visibility? For instance, we require records for an application to be visible for all application administrators and also to the process initiator (initiator should only see the record for the process isntance they have initiated). Sometimes, company divisional views are necessary as well - divisional administrators should only see records for their specific division. With nearly 40 applications in production, we do not want to have 3+ records for each application. Just wondering if anyone has experience with similar situations. Thanks!
OriginalPostID-155229
OriginalPostID-155229
Discussion posts and replies are publicly visible
Parents
0
Mike Schmitt
Certified Lead Developer
over 9 years ago
I was thinking a bit more about this over the weekend and it occurs to me that there may be another approach to solve the issue of determining membership of these private groups without using so much of a workaround. What if you created a new group (with a less strict permission level), something along the lines of "X Record Superuser Viewers" - and add whichever groups will always see all record listings as members of that group. That way your expression could check for membership of that group (from a constant or whatever), without needing to "see" the private groups. This would also protect you from issues if the "doesuserbelongtogroupnamed()" rule's permissions ever get changed without warning.
Cancel
Vote Up
0
Vote Down
Sign in to reply
Verify Answer
Cancel
Reply
0
Mike Schmitt
Certified Lead Developer
over 9 years ago
I was thinking a bit more about this over the weekend and it occurs to me that there may be another approach to solve the issue of determining membership of these private groups without using so much of a workaround. What if you created a new group (with a less strict permission level), something along the lines of "X Record Superuser Viewers" - and add whichever groups will always see all record listings as members of that group. That way your expression could check for membership of that group (from a constant or whatever), without needing to "see" the private groups. This would also protect you from issues if the "doesuserbelongtogroupnamed()" rule's permissions ever get changed without warning.
Cancel
Vote Up
0
Vote Down
Sign in to reply
Verify Answer
Cancel
Children
No Data