I have an update set that I use to add a custom role w/ACLs that allows an integration user to list incidents with a particular assignment group. The update set has been tested on and works with Xanadu, Washington DC. and Yokohama dev instances multiple times. This time, however the read ACLs are not working on a fresh new dev instance. I used debug security to look at the ACLs that are firing. The rows with the 4 green checkboxes are my read ACLs, and they are all passing except for one, read/Incident.work_notes (next image)
Incident.work_notes/read also passes, but I do see failures for incident.work_notes_list, which has never prevented me from listing incidents in the past
In the list of ACL debugging, the only read failure I have on trying to view incidents is the incident.work_notes_list.
The ACLs are currently working on other test servers and dev servers in Yokohama, so I'm looking for suggestions on where to look next to resolve this issue or find the conflicting ACL if there is one.
Thanks in advance for your help.
I had to add the "report_view" ACL to the role, in spite of not needing it for other Yokohama, Xanadu, and Washington DC configurations and also not running ANY reports on the incident table for the user. The inconsistency of requiring the ACL in one instance of Yokohama and not the another doesn't seem like a real solution, but it did resolve my problem, so I'm posting it here for others just in case. Similarly, Chaitanya's suggestion to used Access Analyzer helped focused my debugging, so I have accepted that solution.
