ACL
03-05-2025 09:52 AM
Hi experts,
We have the below ACLs for the read operation on the sys_user table.
sys_user with public role
sys_user.* with snc_internal role.
sys_user.name with snc_internal role.
sys_user.email with snc_internal role.
What should be the expected behaviour of these ACLs?
Would an snc_internal user (say Abel Tuter) see only the name and email fields, or all the fields on the user table?
If I want Abel to read the company field also, should I create another read ACL like sys_user.company with the snc_internal role?
TIA
03-05-2025 10:18 AM
Hi @si21 ,
- sys_user with public role: This ACL allows any user with the public role to read the entire sys_user table.
- sys_user.* with snc_internal role: This ACL allows users with the snc_internal role to read all fields in the sys_user table except those which have field-level ACLs defined (like name and email in this case).
- sys_user.name and sys_user.email with snc_internal role: This ACL allows users with the snc_internal role to read the name field in the sys_user table. (You don't need these, considering the role is not different from sys_user.*.)
Abel Tuter would be able to see all fields on the sys_user table because of the sys_user.* ACL, which grants access to all fields since he has snc_internal role.
You don't need to create another read ACL for sys_user.company with the snc_internal role, as the sys_user.* ACL already grants access to all fields, including company.
Please mark my answer as helpful/correct if it resolves your query.
Regards,
Chaitanya
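
The matching order discussed in this thread can be modelled in a few lines. This is an added example, not code from the original posts or from ServiceNow; it assumes role-only ACLs (no conditions or scripts), no parent-table rules and no admin override, and the `guest` user and `hypothetical_hr_role` role are constructed for illustration.

```javascript
// Simplified model of read-ACL matching on sys_user (illustration only).
// Assumptions: role-only ACLs, no parent tables, no admin override.

// The four read ACLs from the question: rule name -> roles required.
const readAcls = [
  { name: 'sys_user',       roles: ['public'] },
  { name: 'sys_user.*',     roles: ['snc_internal'] },
  { name: 'sys_user.name',  roles: ['snc_internal'] },
  { name: 'sys_user.email', roles: ['snc_internal'] },
];

// Among ACLs with the same name, passing any one of them is enough.
function passesAny(acls, userRoles) {
  return acls.some(acl => acl.roles.some(role => userRoles.includes(role)));
}

// A field is readable only if the user passes the table-level rule AND the
// most specific field-level rule that exists (table.field, then table.*).
function canReadField(acls, table, field, userRoles) {
  const tableRules = acls.filter(a => a.name === table);
  if (tableRules.length > 0 && !passesAny(tableRules, userRoles)) return false;

  for (const name of [`${table}.${field}`, `${table}.*`]) {
    const fieldRules = acls.filter(a => a.name === name);
    // First match decides: a failed specific rule does not fall back to the wildcard.
    if (fieldRules.length > 0) return passesAny(fieldRules, userRoles);
  }
  return true; // model assumption: with no field rule, the table-level result stands
}

function readableFields(acls, table, fields, userRoles) {
  return fields.filter(f => canReadField(acls, table, f, userRoles));
}

const fields = ['name', 'email', 'company'];
const abel = ['public', 'snc_internal']; // roles assumed for Abel Tuter
const guest = ['public'];                // constructed user without snc_internal

console.log(readableFields(readAcls, 'sys_user', fields, abel));
console.log(readableFields(readAcls, 'sys_user', fields, guest));

// Constructed variation: a company rule tied to a different, hypothetical role.
const stricter = [...readAcls, { name: 'sys_user.company', roles: ['hypothetical_hr_role'] }];
console.log(readableFields(stricter, 'sys_user', fields, abel));
```

In this model the third call drops `company` for Abel: once a field-specific rule exists, it is the rule that decides, so a field ACL with a narrower role restricts access even though sys_user.* would have allowed it.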