ACL not working as expected

Go to solution
David Cross
Tera Expert

‎06-14-2024 05:26 AM

i have 2 users [ User A (u_roleX) , User B (u_roleY) ]

Table : DEMOx [ Auto role created : u_roleX ]

now, 

i have modified 2 READ ACL's
Table.none with script 

if (gs.getUser().hasRole('u_roleX')) {
    answer = true;
}

Table.* with script with the same script, 

if (gs.getUser().hasRole('u_roleX')) {
    answer = true;
}
But still User A is not able to view any record and getting security error /..... PLease help 
0 Helpfuls
  • 804 Views
2 ACCEPTED SOLUTIONS

Go to solution
Mark Manders
Mega Patron

‎06-14-2024 05:37 AM

First of all: why do you use an ACL script? Just add the role to the ACL in the roles field and you have the exact same functionality, without the system having to evaluate a script. You are making it extra hard on yourself.

 

Have you used the security debugger to see what ACL is blocking the access? Get rid of your script, just add the role to the ACL instead of scripting and check. If the issue persists, use the security debugger.


Please mark any helpful or correct solutions as such. That helps others find their solutions.
Mark

View solution in original post

Go to solution
KevinBellardine
Kilo Sage

‎06-14-2024 05:44 AM - edited ‎06-14-2024 05:45 AM

I wouldn't use the script, just put the role in the role section of the ACL. You can also use the security debugger, if you enable it before impersonating someone you can use it for the impersonated user. It's a lot of information but it's pretty invaluable for things like this.

As a last ditch effort you can try clearing the cache, sometimes roles get cached especially when you're impersonating users.

View solution in original post

2 REPLIES 2

Go to solution
Mark Manders
Mega Patron

‎06-14-2024 05:37 AM

First of all: why do you use an ACL script? Just add the role to the ACL in the roles field and you have the exact same functionality, without the system having to evaluate a script. You are making it extra hard on yourself.

 

Have you used the security debugger to see what ACL is blocking the access? Get rid of your script, just add the role to the ACL instead of scripting and check. If the issue persists, use the security debugger.


Please mark any helpful or correct solutions as such. That helps others find their solutions.
Mark

Go to solution
KevinBellardine
Kilo Sage

‎06-14-2024 05:44 AM - edited ‎06-14-2024 05:45 AM

I wouldn't use the script, just put the role in the role section of the ACL. You can also use the security debugger, if you enable it before impersonating someone you can use it for the impersonated user. It's a lot of information but it's pretty invaluable for things like this.

As a last ditch effort you can try clearing the cache, sometimes roles get cached especially when you're impersonating users.