ACLs not working on new dev tenant, worked on previous two

snow2p
Tera Expert

I have an update set that I use to add a custom role w/ACLs that allows an integration user to list incidents with a particular assignment group. The update set has been tested on and works with Xanadu, Washington DC, and Yokohama dev instances multiple times. This time, however, the read ACLs are not working on a fresh new dev instance. I used debug security to look at the ACLs that are firing. The rows with the 4 green checkboxes are my read ACLs, and they are all passing except for one, read/Incident.work_notes (next image).


Incident.work_notes/read also passes, but I do see failures for incident.work_notes_list, which has never prevented me from listing incidents in the past.


In the list of ACL debugging, the only read failure I have on trying to view incidents is the incident.work_notes_list. 

The ACLs are currently working on other test servers and dev servers in Yokohama, so I'm looking for suggestions on where to look next to resolve this issue or find the conflicting ACL if there is one.

Thanks in advance for your help.

1 ACCEPTED SOLUTION

Chaitanya ILCR
Kilo Patron

Hi @snow2p 

Try the access analyzer 

It will point out the specific ACL

https://youtu.be/7CDvUAV0Zqs?si=TwkSmMxjR7mXDL55

 

Regards 

Chaitanya 


2 REPLIES

snow2p
Tera Expert

I had to add the "report_view" ACL to the role, in spite of not needing it for other Yokohama, Xanadu, and Washington DC configurations and also not running ANY reports on the incident table for the user. The inconsistency of requiring the ACL in one instance of Yokohama and not another doesn't seem like a real solution, but it did resolve my problem, so I'm posting it here for others just in case. Similarly, Chaitanya's suggestion to use Access Analyzer helped focus my debugging, so I have accepted that solution.
