Dear all,
I don't remember where but I think I have heard from a product webinar or AppianWord that you can apply security on a single row of a record. Please can someone confirm this? And if this is true, where can I configure this feature?
Thanks
Discussion posts and replies are publicly visible
In the past I thought the approach described in these comments, as well as in the playbook https://community.appian.com/w/the-appian-playbook/207/record-level-security-for-entity-backed-records#ExampleApp1 use to limit not only users from seeing the record instance on the record grid, but would also throw an error if they navigated to the record instance via url. I just tried this in 21.1 and it allowed me to view the record instance. Did something change?
Is there another approach that could be taken that would truly limit visibility to a record instance via an expression, and not just filter what is in the record grid list. If the user has a bookmark of the record link, or if the system has a record link outside of the record grid, then they can still hit the record.
The playbook article should provide a solution that limits users access, even if they navigate via URL. Did you see a change in behavior from a version prior to 21.1 after you upgraded to 21.1? Also can you provide more context on how you configured your record-level security?
I'm not able to reproduce that behavior of being able to access a record that is not visible via default filters. In my 21.1 instance, I still see the earlier behavior of an error when a record is not accessible via default filters (and it does not appear in the grid), which is what I would expect.
1) Accessed a record summary for process #1, saved the link
2) Updated default filters to exclude process #1
3) Refreshed the record, #1 disappeared as expected
4) Pasted the saved link into a new browser tab, received the error below as expected
My apologies, I think I had a typo in my code. After I started from scratch with the app in the playbook it worked correctly. Thanks for the response.
Chris, I had a typo in my filter. I appreciate you testing it for me on your side. Sorry about wasting your time.
No worries! Good excuse to double check security anyway ;)
No worries, I'm glad you got it to work!
I tried modifying the Default Filters in the example application with the instructions here: https://community.appian.com/w/the-appian-playbook/207/record-level-security-for-entity-backed-records under the Managing Global Viewers section as shown in the screenshot below.
When I view the record list from tempo/sites, the grid duplicates the cases. Considering that the entity backing the record has duplicates, I'm not surprised to see duplicates. But, based on the link in the playbook, it seemed like Appian had handled the duplication issue.
Am I missing something obvious?