Hi, Everyone I am trying to incorporate security on feeds that are b

@abhishek: I tried the suggested approach.Actually what I am doing is creating sub groups on fly. I have created a pool of groups in constant.Whenever a process initiates it checks weather any group is present in pool constant or not. If yes, it retrieves the first group of the pool and removes it from pool.And before process terminates, all the user is removed from that group of process instance and is returned back to pool. However, if no group is present in pool when any instance is spawned then I create a new custom subgroup parent of pre defined group using Identity Management Smart service and managing users in group and pass it to tempo. Using this approach I am able to reduce the number of groups created dynamically by around 60 to 70 %. It works fine.

However, I am facing one issue in it.Whenever I add any user in a subgroup , then that particular user is added in subgroup, but along with it , it is also added in the Parent Group of that subgroup.
I want that whenever any user is added or removed from a subgroup the same should only reflect in that sub group and not on its parent group.

Please provide your suggestions.

Thanks In Advance
Siddharth.

Do you care about the group membership only while the process is active? In other words, after your process terminates, don't you want the Tempo post viewership to remain the same forever?

If you remove users from a group (which you used as a viewer group when posting to Tempo) or delete the group itself, the user will no long have access to the Tempo post, since your Tempo post will still be targeting this group. I don't think you want so, do you? I am not quite sure how your approach is working for you.

I don't think removing users from a group or deleting a group will solve your problem. In-fact, if you are going ahead with the dynamic group approach, you will have to keep all the groups around forever. Increasing the number of groups affects the login time for a user a little, but not necessarily a show stopper.

But, I would highly recommend reconsidering your overall design while keeping Appian Tempo best practices (forum.appian.com/.../Tempo_Best_Practices) in mind.

And, yes, the sub-group membership is inherited by the parent group in Appian.

@Abhishek: Yes you are right. This would violate one of my use case. If I delete the users from the group before the process terminates and return the group back to pool, the tempo feeds of that particular instance will no longer be visible.

In that case, from all the discussions we have the only way which I can see is that I have no option other than creating group for each process instance and managing users in that group. So number of groups created will be directly proportional to the instances spawned.
Is that the best practice of creating groups for implementing tempo security or is there other way round in Appian??

Please provide your suggestions as this list in top priority of my all use cases of application. I will be obliged.
Thanks in advance.