Analysts can't see Email Templates of their scope in Compose Email

Evgeniia
Tera Contributor

We are working with the Data Loss Prevention application and its DLP IR Analyst Workspace. For DLP Analysts (sn_dlir.analyst) we would like to utilize the OOTB feature of composing emails from incidents and applying email templates for that. But there is however an issue about no templates being available for selection, although the number of available templates is shown. 

Evgeniia_0-1742165555691.png
The Analysts have access to the Email Client Template table in general - they can see the templates from Global scope, for example.

Evgeniia_1-1742165792001.png

But for DLP Admins (sn_dlir.admin) the feature is working fine and template of DLP scope is visible in the table view.

 

Evgeniia_2-1742165846228.png

The read ACL to the template table does not have any conditions, also no query Business rules could be relevant.
I am struggling to understand, what could be preventing records of DLP scope from being visible - but only for analysts, not admins?

Thank you!

1 ACCEPTED SOLUTION

Jason Bracewell
Tera Expert

Good day, all,

 

We ran into the same issue in our environment today with templates created in a different scoped application that has an scoped admin role.  This support knowledge article solved the issue for us - KB0696652 . 

 

When a scoped application has an administrative role defined within the scope, ACLs on tables created in different scopes, such as Global in the case of the Email Client Template table, are not evaluated the same way.  You need to created appropriate read and query_range ACLs within the application scope to that table granting access based on the conditions you configure in the ACL.  Hope this helps.

View solution in original post

2 REPLIES 2

Jason Bracewell
Tera Expert

Good day, all,

 

We ran into the same issue in our environment today with templates created in a different scoped application that has an scoped admin role.  This support knowledge article solved the issue for us - KB0696652 . 

 

When a scoped application has an administrative role defined within the scope, ACLs on tables created in different scopes, such as Global in the case of the Email Client Template table, are not evaluated the same way.  You need to created appropriate read and query_range ACLs within the application scope to that table granting access based on the conditions you configure in the ACL.  Hope this helps.

Hi Jason, many thanks for replying. This is also what we did in the end - a scoped read ACL for analysts solved this issue.