Restricting access to sc_req_item and sc_task records from scoped application
04-11-2024 05:24 AM
I have a scoped application built for User Lifecycle Management. I'm currently building a process for managing user terminations. It has its own catalog item with a very limited role that can submit requests. I've got a custom table with termination details, etc. that is restricted with ACLs.
What I cannot do is:
- Create a query business rule on an out-of-scope table (sc_req_item and sc_task)
- sc_req_item is allowing other tables to access and I tried turning on allow configuration to no avail
- Create read ACL on out-of-scope (sc_req_item and sc_task) table with condition
I'm not sure what my options are, but I'm hoping to prevent users without the 'termination_users' role from being able to see any entries in sc_req_item or sc_task tables for items generated via the termination request catalog item.
What are some other ideas I'm missing that won't lead to a horrible user experience?
04-11-2024 06:27 AM
Put a read ACL on the req_item/cat_task tables for 'catalog item = your item' to allow only the custom role. It won't be an ACL within your scope, but it should work.
Please mark any helpful or correct solutions as such. That helps others find their solutions.
Mark
04-12-2024 09:26 AM
Thanks, Mark. I'm hoping to avoid doing this in Global as it means it will not move with the app via the company store. If it's all I've got I'll have to, but I'm really wishing there was a better way!