Controlling access to requests for hierarchical groups

Hierarchical groups have the following  configuration parameters.

Parameter Name	Description
Hierarchical-Groups-Threads	Allows you to configure the number of threads (default value is 1) that will be used for computation of hierarchical groups. When all the existing worker threads are in use, the system starts additional threads as needed until the configured number of threads is reached. These additional threads remain active until the AR System server is rebooted. Best practice We recommend that you use a significantly high number of threads (at least 5) in the following scenarios: When changes are made to the group hierarchy When group changes are applied to forms You must increase the number of threads because these changes could result in updates to numerous entries across several forms.
Hierarchical-Groups-Interval	Allows you to configure compute delay (in minutes) for hierarchical groups. The default value for this delay is 5 minutes. The AR System server waits for the specified amount of time before hierarchical groups begin the compute activity. The delay time is calculated from the time when the last change is made to the group hierarchy and when group changes are applied to the forms. If during the delay period a new change is made, then the delay time is reset to take into account the last change made. The following example will help you understand the hgdelay concept: Suppose you have configured hgdelay time as 10 minutes. The AR System server waits for 10 minutes before it computes the worker threads. During the delay time, if you make certain changes at the 7th minute, then the delay time is further extended by 10 minutes. Thus the AR System server begins its task of computing worker threads at the 17th minute. If you make any subsequent changes, the delay time is extended by 10 minutes each time.

For details on configuring these parameters, see Configuration settings E-M.

To manage row-level access for the parent or ancestor groups in a hierarchical group relationship, use the Dynamic Permissions Inheritance form property along with a second implicit group field on the form. (You can also set static permissions inheritance property on the form to control access to the form and its fields for parent groups.) 

To configure dynamic permissions inheritance, you create a dynamic group that AR System populates with any parent or ancestor groups at run time, and add a field to the form with the same ID as this dynamic group. At run time, for any group ID or name that workflow enters in the child dynamic group field, AR System checks for defined ancestor groups. If any exist, AR System enters the parent group ID (or IDs for multiple levels of hierarchy) in the parent dynamic group field, giving the parent group row-level access to the request.

For an overview of hierarchical group relationships, see Using a parent group for permissions inheritance.

To control access to requests for hierarchical groups

1. Follow the appropriate procedure in Using-the-Assignee-Group-and-dynamic-groups-Examples to configure row-level access for the child group.
2. Create a new dynamic group that identifies the parent group relationships at run time, and assign it a group ID in the dynamic group range, such as 60002.
    For example, create a dynamic group named Parent Dynamic Access.
3. Add a character field to the form with the same field ID number as the Parent Dynamic Access group ID, in this example, 60002.
4. Grant the group Parent Dynamic Access permission to the Request ID field.
5. Select the Definitions tab.
6. Expand the Permissions panel and then the Group Permissions panel.
   
7. In the Dynamic Permissions Inheritance field, map the child implicit group field ID to the parent dynamic group field ID, as in the following example:
   112:60002 60001:60002
    Enter the child dynamic group ID first, followed by a colon, and then the parent group ID.
   For detailed information on permissions inheritance, see Using-a-parent-group-for-permissions-inheritance.
8. Save the form.