ACL on Security Incident table(sn_si_incident)

charanpreet · ‎02-23-2017

I tried creating acl with read operation , added customised role .

The User can see the list of records in a list view but when the user opens any record, no field shows up on the form but only the buttons.

I have added the role to OOB ACL as well for sn_si_incident.* ACL with read operation

charanpreet · ‎02-23-2017

Yes, I have already tried creating a more specific ACL, at the field level, that works but there are so many fields.

I added customised role to sn_si.read role but that does not work.

Jon Barnes · ‎02-23-2017

I mean, sn_si.read has to be a child of your custom role. So go to your custom role, and then in the Contains Role related list, add sn_si.read. Then make sure that your test user actually got the sn_si.read role after you do that. then try to impersonate and see if it works.

If not, do the security debugging steps as that will tell you for certain which ACL is denying access.

charanpreet · ‎02-23-2017

But in this case the acls configured with role 'sn_si.read' will be true for the user which gives extra priviliges to user.

Is there any other way ?

Jon Barnes · ‎02-23-2017

you can add your custom role to each and every one of those READ ACLs that has sn_si.read on it, for the fields that you need them to be able to read. Or you can create new READ ACLs for each of the field you want your custom role to be able to read. There is not an easier way than the first way though.

swati38 · ‎02-23-2017

Hi Charanpreet,

I remember that in snow, there is a double check. I mean first table access and then field access.

So Why dont you try giving read access to the fields.

Let me know what is your view about this.

Regards,

Swati