Controlling access to requests for hierarchical groups
Parameter Name | Description |
|---|---|
Hierarchical-Groups-Threads | You can configure the number of threads (default value is 1) that will be used for the computation of hierarchical groups. When all the existing worker threads are in use, the system starts additional threads as needed until the configured number of threads is reached. These additional threads remain active until the AR System server is rebooted. Best practice: We recommend that you use a significantly high number of threads (at least 5) in the following scenarios:
You must increase the number of threads because these changes could result in updates to numerous entries across several forms. |
Hierarchical-Groups-Interval | You can configure the compute delay (in minutes) for hierarchical groups. The default value for this delay is 5 minutes. The AR System server waits for the specified amount of time before hierarchical groups begin the compute activity. The delay time is calculated from the time when the last change is made to the group hierarchy and when group changes are applied to the forms. If during the delay period a new change is made, then the delay time is reset to take into account the last change made. The following example explains the hgdelay concept:
|
For details on configuring these parameters, see Configuration settings E-M.
To manage row-level access for the parent or ancestor groups in a hierarchical group relationship, use the Dynamic Permissions Inheritance form property along with a second implicit group field on the form. You can also set static permissions inheritance property on the form to control access to the form and its fields for parent groups.
To configure dynamic permissions inheritance, you create a dynamic group that AR System populates with any parent or ancestor groups at runtime, and add a field to the form with the same ID as this dynamic group. At run time, for any group ID or name that workflow enters in the child dynamic group field, AR System checks for defined ancestor groups. If any exist, AR System enters the parent group ID (or IDs for multiple levels of hierarchy) in the parent dynamic group field, giving the parent group row-level access to the request.
For an overview of hierarchical group relationships, see Using a parent group for permissions inheritance.
To control access to requests for hierarchical groups
- Follow the appropriate procedure in Using-the-Assignee-Group-and-dynamic-groups to configure row-level access for the child group.
- Create a new dynamic group that identifies the parent group relationships at runtime, and assign it a group ID in the dynamic group range, such as 60002.
For example, create a dynamic group named Parent Dynamic Access. - Add a character field to the form with the same field ID number as the Parent Dynamic Access group ID, in this example, 60002.
- Grant the group Parent Dynamic Access permission to the Request ID field.
- Select the Definitions tab.
- Expand the Permissions panel and then the Group Permissions panel.
- In the Dynamic Permissions Inheritance field, map the child implicit group field ID to the parent dynamic group field ID, as in the following example:
112:60002 60001:60002
Enter the child dynamic group ID first, followed by a colon, and then enter the parent group ID.
For detailed information about permissions inheritance, see Permissions-inheritance-by-using-a-parent-group. - Click Save.