ACL with no roles not working in Yokohama

priyeshm
Tera Contributor

Hi,

I am upgrading my instances from Washington to Yokohama. In Yokohama I find that ACLs without any roles are not working. We have multiple ACLs for end users which don't have any roles, as the end users in my instance don't have any roles. Can you please let me know whether there is any workaround or solution for this scenario? Does adding the public role cause a security risk?

Regards

Priyesh

8 REPLIES

lulu773
Tera Contributor

Were you able to find the solution?

JC Moller
Giga Sage

Any resolution to this issue - did anyone open a ticket with support?

- Jan

-O-
Kilo Patron

This is a new feature in Yokohama, so it is by design.

ACLs that don't contain a role or a security attribute are considered invalid ACLs and are not fulfilled by any user/are failed by any user by default.

In other words you need to fix the ACLs.

-O-
Kilo Patron

In SN doc. Exploring Access Control Lists it is stated:

Deny by default behavior

By default the ACL engine completely denies access if an ACL is empty or invalid. Empty ACLs are defined as ACLs without one or more of these components:
  • Defined role
  • Security attribute
  • Data condition
  • Script
Invalid ACLs are defined as:
  • ACLs with roles that do not exist (e.g. have no row in the database)
  • ACLs with Security Attributes that do not exist (e.g. have no row in the database)
  • ACLs with a script that contains "answer=true" or "true"