Access Controls: Table.none vs Table.* - what's the difference

martinsk
Mega Expert

‎10-06-2017 03:58 AM

Hi

Can someone clarify the difference is between a field-level acl in the form table.* and a record-level acl for that table? I'm assuming the wildcard scoops up all fields in the table, so what is it achieving that the table-level one isn't?

Thanks in advance.

Martin

  • 10,200 Views
9 REPLIES 9

Bhargav Reddy2
Kilo Contributor
In response to snehabinani26

‎07-26-2020 04:14 AM

Great explanation

Merrindal Routl
Tera Contributor
In response to snehabinani26

‎11-17-2024 05:15 PM

What a fabulous analogy.  I'm going to keep this to show to others.

 

0 Helpfuls

Shruti Sathe
Tera Contributor
In response to snehabinani26

a week ago

Easy to understand. Great explanation!

0 Helpfuls

DilipKumar DJ
Kilo Guru

‎10-06-2017 04:12 AM

Hi Martin,



Basically the answer is simple yet tricky. Table.None is used when you are not bothered about columns and this only take care of records/rows.


Table.* comes to picture when your focus comes to field level , say you want to control the column access like making all read only. Also overriding the other ACL with table.column1/2/3.


Prathmeshda
Mega Guru

a week ago

Hello @martinsk 
Table.none: This is a row-level ACL. It controls whether a user can access the records (rows) of a specific table. Think of it as the gatekeeper to the entire set of data within a table. If a user does not have the necessary permissions granted by a Table.none ACL, they will not be able to see or interact with any records in that table, regardless of field-level permissions.
Table.*: This is a field-level ACL. It acts as a wildcard, applying to all fields on the specified table. It controls whether a user can access the individual data points (fields) within the records of that table. This ACL comes into play after a user has been granted row-level access through a Table.none ACL (or other means).

Scenario : Read Access with Table.none and Table.* (Admin)

Now, let's say you have the same READ ACL with Table.none for both Admin and ITIL, and you add another READ ACL with Table.* specifically granting access to the Admin role.
Result: Both Admin and ITIL users will still be able to view all Incident records and their fields. The Table.none ACL already provides row-level access. The addition of Table.* for Admin explicitly grants read access to all fields, which they already had implicitly. It doesn't change the outcome in this scenario.

Table.none is like having the key to enter the building itself. Without this key, you cannot access any of the rooms inside.
Table.* is like having permission to see the contents of all the rooms inside the building. However, this permission is useless if you don't have the key to get into the building in the first place

If this response proves useful, please mark it as Accept as Solution and Helpful. Doing so benefits both the community and me. 👍🙂

0 Helpfuls