About database views and ACLs for sys_email and task tables.

Kurumi
Tera Contributor

‎10-21-2022 03:15 AM

Is there a setting in the ACL of sys_email that restricts viewing only when it is set to View Table in the database view?

I created a database view that joins the sys_email and task tables.

The database view is complete and can be viewed by admin users without issue.

However, for the itil user, the values ​​for the task table columns were displayed, but the sys_email table column values ​​were not displayed and remained blank.

I did some research to find a solution.

So, I created an ACL that gives read permission to users with itil role for the created database view, and now it can be viewed by itil users.

From this result, I think that the cause that I could not browse is due to ACL, but I have a question.

If I open the sys_email table with the itil user I can browse the records without issue. Is there something in the ACL that restricts viewing only when set to the view table in the database view?

If anyone knows, please let me know.




0 Helpfuls
  • 869 Views
3 REPLIES 3

GodOfWar
Mega Guru

‎10-22-2022 06:58 AM

If you don't allow a certain group of user to modify anything then, It's just a view only.

 

Click the Thumbs up below if it helps.

0 Helpfuls

Saurav11
Kilo Patron
Kilo Patron

‎10-22-2022 07:16 AM

Hello,

 

Database view does not have any ACL of it's own. It gives you the access based on the ACL of the tables used in the database view.

 

So which means the ITIL user does not have access to the sys_email table for task records on your instance. 

Are you sure the ITIL role has the permission to read sys_email table record because OOB i can see a ITIL user cannot see many of the records.

 

Saurav11_0-1666448172232.png

 

Please mark answer correct/helpful based on Impact.

0 Helpfuls

Kurumi
Tera Contributor
In response to Saurav11

‎10-23-2022 07:09 PM

Thank you for your reply.
スクリーンショット 2022-10-24 110638.png
Let me ask you a question.
The reply you sent says "the ITIL user does not have access to the sys_email table for task records on your instance"
Even the itil user has tickets in the sys_email table that are partially viewable.
Is it because some tickets cannot be viewed by security like "Number of rows removed from this list by Security constraints: 14"?

Does that mean that all tickets must be visible for use in the database view?

I'm not sure about the ACL on the sys_email table, so please help me.

0 Helpfuls