Providing access to record instances by defining security labels


As an administrator, you can use security labels to enable row-level security. Security labels define a series of groups, usernames, and roles that can access record instances by using a rule or a process. They add view and edit restrictions to record instances and fields. You can create security labels by using the Record designer.

You can use the security label as a group while you assign permissions to a field or set the security labels through processes and rules.

Before you begin

Make sure that you have created the security label. For more information, see Enabling row-level security by defining security labels.

To grant row-level access to create and update record instances by adding security labels

  1. Log in to BMC Helix Innovation Studio and navigate to the Workspace tab.
  2. Select the application in which you want to create a process or modify an existing process.
  3. Perform any of the following tasks:
    • If you want to create a new process, select Processes > New.
    • If you want to update an existing process, select the process, and click Edit.
  4. Drag the Create Record or Update Record element to the canvas according to the operation you want to perform.
  5. In the Properties pane, in the INPUT MAP section, fill out the properties as described in the following table:

    Field: Record Definition Name
    Action: Record definition for which you want to update a record instance. You can select a record definition by using one of the following methods:
      • Select Record Definition: Select a record definition from the current application.
      • Build Expression: Build an expression to leverage a record definition dynamically at runtime.

    Field: Sample Record Definition Name
    Action: Record definition template to create or update the record definition that you select at runtime. The sample record definition fields are displayed in the Expression Editor, which you can use to create an expression. This option is displayed only if you select Build Expression from the Record Definition Name field.

    Field: Add/Remove Input Map Field
    Action: Fields of the record definition that you select map to the process parameters or to an expression that assigns a value to the mapped fields. The new record instance is created by using the values assigned to the mapped fields.

  6. To add new security labels for the Create Record element, perform the following steps:
    1. Click Edit Security Labels.
    2. On the Edit Security Labels page, select the existing security label created for the record instance. 
    3. From the Security Label to Set section, click the Click to build an expression link, and add the list of group names, user names, roles, or functional roles for which you want to grant access.

      Important

      You can use the (+) operator to add two lists that are dynamically retrieved by using the get Security label component. However, you cannot use the (+) operator to add a dynamically retrieved list and a hardcoded group or user.

  7. To add new security labels for the Update Record element, perform the following steps:
    1. From the Security Label Actions section, select Add Security Labels.
    2. Click Edit Security Labels.
    3. On the Edit Security Labels page, select the existing security label created for the record instance.
    4. From the Security Label to Set section, click the Click to build an expression link, and add the list of group names, user names, roles, or functional roles for which you want to update the row-level access.
  8. Click Save.

To update row-level security for record instances by using the Update Record element

  1. Log in to BMC Helix Innovation Studio and navigate to the Workspace tab.
  2. Select the application in which you want to create a process or modify an existing process.
  3. Select the process you want to update, and click Edit.
  4. Drag the Update Record element to the canvas according to the operation you want to perform.
  5. From the Security Label Actions section, select Add Security Labels.
  6. Click to edit the existing security label. 
  7. On the Edit Security Labels page, select the existing security label created for the record instance. 
  8. From the Security Label to Set section, perform the following steps:
    • To add to the existing values, click the Append to Existing Values toggle, click the Click to build an expression link, and add the list of group names, user names, roles, or functional roles to which you want to grant access.
      Important: If you do not click Append to Existing Values, the existing values are deleted, and you can add new values for the security label.
    • To add new values, click the Click to build an expression link and add the list of group names, user names, roles, or functional roles that you want to grant access to.

      Important

      You can use the (+) operator to add two lists that are dynamically retrieved by using the get Security label component. However, you cannot use the (+) operator to add a dynamically retrieved list and a hardcoded group or user.

  9. Click Save.

To remove row-level access for record instances

  1. Log in to BMC Helix Innovation Studio and navigate to the Workspace tab.
  2. Select the application in which you want to create a process or modify an existing process.
  3. Perform any of the following tasks:
    • If you want to create a new process, select Processes > New tab. 
    • If you want to update an existing process, select the process, and click Edit.
  4. Drag the Update Record element to the canvas according to the operation you want to perform.
  5. To remove the security labels, from the Security Label Actions section, select Remove Security Labels.
  6. On the Edit Security Labels page, select the existing security label created for the record instance. 

  7. To remove specific access, from the Security Label Value Removal field, select Remove Specific, click the Click to build an expression link, and add the list of group names, user names, roles, or functional roles for which you want to remove the access.

  8. To remove access for all the values, from the Security Label Value Removal field, select Remove All.

  9. Click Save.
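
The label actions in the procedures above (set, Append to Existing Values, Remove Specific, Remove All), as an added conceptual model that is not BMC code or part of the original page. The function names, the label values, and the simplified membership check are assumptions; the model shows which principals lose or gain row-level access when the toggle is left off.

```python
# Conceptual model only: not BMC Helix Innovation Studio code or its API.
# Function names, label values and principals below are constructed.

def apply_label_action(values, action, principals=(), append=False):
    """Return the new value list of one security label after a process step.

    action: "set" (Create Record, or Update Record > Add Security Labels),
            "remove_specific", or "remove_all".
    append: models the Append to Existing Values toggle; only used by "set".
    """
    current = list(values)
    if action == "set":
        base = current if append else []   # toggle off: existing values are dropped
        return list(dict.fromkeys(base + list(principals)))  # keep order, no duplicates
    if action == "remove_specific":
        removed = set(principals)
        return [v for v in current if v not in removed]
    if action == "remove_all":
        return []
    raise ValueError(f"unknown action: {action}")


def can_access(label_values, user, memberships):
    """Simplified row-level check: the user, or one of the user's groups or
    roles, appears in the label's value list (assumed semantics)."""
    return bool({user, *memberships} & set(label_values))


def access_diff(before, after):
    """Principals that lose and gain access when a label's values change."""
    return {"lost": sorted(set(before) - set(after)),
            "gained": sorted(set(after) - set(before))}


if __name__ == "__main__":
    existing = ["HR Managers", "alice"]    # constructed label values
    replaced = apply_label_action(existing, "set", ["Payroll"])
    appended = apply_label_action(existing, "set", ["Payroll"], append=True)
    print("toggle off:", access_diff(existing, replaced))
    print("toggle on: ", access_diff(existing, appended))
    print("alice after replace:", can_access(replaced, "alice", ["Staff"]))
```

Comparing `access_diff` for the planned expression against the label's current values before saving the process makes an unintended loss of access visible.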
