05-07-2019 09:41 AM
Hi,
I need help setting up security keywords. We are using a Unity form.
I have a General User Group (GUG) and a HR Group (HRG)
The GUG should be able to see documents that contain their Userid. I created a security keyword at the group level for the GUG, where keyword user id = username
The HRG should be able to see all documents (in retrieval, custom queries as well as workflow). No security keywords were configured for the HRG.
The results....
The GUG can see only the documents with their user id - this works great.
The HRG can see only the documents with their user id - not so great. The HRG can not see all documents nor can the HRG see docs in the workflow queues (even though the group is assigned to the queues)
I have tried many different scenarios with no luck. Any ideas on how to configure this?
Thank you.
Wanda
05-07-2019 09:56 AM
Hi Wanda
I had the very same problem. Here is my work-around:
1) Add a second instance of the useid KW called "HRUSERS" to all the forms as they are submited with the appropriate WF action.
2)In the HR User group, add a static security KW user id = "HRUSERS"
3) Create a small WF with a timer and NO doc types configured to it for reprocessing the existing forms.
4) create s system task to add the existing form to the reprocessing WF.
Good Luck
Scott
05-07-2019 10:01 AM
Hi Wanda,
We do this our our environment with a keyword named "Authorized Users" that we use as a security keyword. Our general user group is set up the same way as yours (our unity form sets the Authorized Users keyword to the current user name property when the form is new and our general user group has the security keyword mapped to username). Once the form is submitted, it enters workflow and we then set a second instance of the Authorized Users keyword to "HR." The HR user group has the "Authorized Users" keyword mapped to "HR" - since they're in both groups and the same security keyword is used across both it works as "or" logic (if the keyword matches their username or it is HR, the document is visible for the HR group). This allows them to see all of the forms. The Sys Admin MRG has a few additional examples and considerations (ex: it's worth noting that some functions, like retrieve by document handle, don't respect security keywords, and so you may want to look at locking those functions down).
Thanks,
Nick
05-07-2019 09:56 AM
Hi Wanda
I had the very same problem. Here is my work-around:
1) Add a second instance of the useid KW called "HRUSERS" to all the forms as they are submited with the appropriate WF action.
2)In the HR User group, add a static security KW user id = "HRUSERS"
3) Create a small WF with a timer and NO doc types configured to it for reprocessing the existing forms.
4) create s system task to add the existing form to the reprocessing WF.
Good Luck
Scott
05-07-2019 12:52 PM
Thank you it's working!
05-07-2019 10:01 AM
Hi Wanda,
We do this our our environment with a keyword named "Authorized Users" that we use as a security keyword. Our general user group is set up the same way as yours (our unity form sets the Authorized Users keyword to the current user name property when the form is new and our general user group has the security keyword mapped to username). Once the form is submitted, it enters workflow and we then set a second instance of the Authorized Users keyword to "HR." The HR user group has the "Authorized Users" keyword mapped to "HR" - since they're in both groups and the same security keyword is used across both it works as "or" logic (if the keyword matches their username or it is HR, the document is visible for the HR group). This allows them to see all of the forms. The Sys Admin MRG has a few additional examples and considerations (ex: it's worth noting that some functions, like retrieve by document handle, don't respect security keywords, and so you may want to look at locking those functions down).
Thanks,
Nick
05-07-2019 12:52 PM
Thank you! it's working!
Find what you came for
We want to make your experience in Hyland Connect as valuable as possible, so we put together some helpful links.