
08-01-2018 10:24 AM
I have a custom table, we'll call it table, that includes many field types, including a journal input called comments and another called internal_comments.
We have a requirement to lock this down tight, but, via the portal, we want people to see their own records.
I have a role for the table u_table_users that has full access to the table except for delete, which is set to admin role.
I managed to get the custom page/widget on the portal to show the details of the record, however, I need for the comments field to be writable for the user. I found that I can achieve this by the table:read and table:write ACL to condition Opened By is (dynamic) me. But, if they have platform access, they can find the record and update it there and I don't want this because they can change other values in the fields. Users do NOT see internal_comments, which I managed.
So, what I'm looking for is this:
On the Portal
Any user should be able to read/write to comments and read every other field except internal_comments.
On the Platform
Any user can read all fields except internal_comments and be able to write to comments field only.
08-02-2018 12:58 AM
Just looks like you need a read ACL for all fields with no role. That way anyone can see everything.
A write ACL for the table role to all fields. This gives roled users access to write to the fields and also bars users without the role from writing to fields.
A write ACL for the comments field that is opened by dynamic is me. This deploys after the roled ACL prohibition as it is more specific.
Note that read is not enough for the comments field as it's a journal record input field. Without write access they just will not see the box.
They will see the activity stream if you have one etc.
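A simplified model of how the three ACLs in the answer above combine, added here as an example and not part of the original post or ServiceNow's own code. The matching order (a field's own rule before the `u_table.*` wildcard, with the first level that has a rule deciding) is the assumption being modelled; record-level ACLs and admin overrides are left out, and `short_description` is a hypothetical field name.

```javascript
// Simplified model of field ACL matching; an illustration, not ServiceNow code.
// u_table, u_table_users, comments and opened_by come from the thread.
const acls = [
  // 1. Read on all fields, no role required.
  { name: 'u_table.*', op: 'read', roles: [], cond: () => true },
  // 2. Write on all fields for the table role.
  { name: 'u_table.*', op: 'write', roles: ['u_table_users'], cond: () => true },
  // 3. Write on comments when "Opened by is (dynamic) me".
  { name: 'u_table.comments', op: 'write', roles: [],
    cond: (rec, user) => rec.opened_by === user.id },
];

// A rule passes when the user holds one of its roles (or it lists none)
// and its condition is true for this record.
function passes(acl, rec, user) {
  const roleOk = acl.roles.length === 0 ||
    acl.roles.some((r) => user.roles.includes(r));
  return roleOk && acl.cond(rec, user);
}

function canAccess(op, field, rec, user) {
  // Assumed order: the field's own rule first, then the table wildcard.
  for (const name of [`u_table.${field}`, 'u_table.*']) {
    const level = acls.filter((a) => a.name === name && a.op === op);
    if (level.length === 0) continue; // no rule at this level, fall back
    // The first level that has a rule decides; one passing rule is enough.
    return level.some((a) => passes(a, rec, user));
  }
  return false; // nothing matched: deny
}

// Constructed sample data.
const record = { opened_by: 'u1' };
const opener = { id: 'u1', roles: [] };
const stranger = { id: 'u2', roles: [] };
const staff = { id: 'u3', roles: ['u_table_users'] };

function matrix() {
  const row = (u) => ({
    readComments: canAccess('read', 'comments', record, u),
    writeComments: canAccess('write', 'comments', record, u),
    writeOther: canAccess('write', 'short_description', record, u),
  });
  return { opener: row(opener), stranger: row(stranger), staff: row(staff) };
}

console.log(matrix());
```

In this model the `staff` row comes out with `writeComments` false, because the comments rule is the only one consulted for that field; a second `u_table.comments` write rule carrying the role would restore it.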
08-01-2018 12:19 PM
Odd, the title and the dialog do not match.
So you have a record that anybody, not just the creator or the fulfiller community, can access?
Are you sure you want to do that?
Maybe worth a few moments to think about just what "any user" means.
Do we mean a person submits a request and any 1 or 3 managers can comment?
Or do we mean any user bored of Instagram can browse to it and post?
Please describe your use case a bit more.

08-01-2018 12:38 PM
I will clarify.
The u_table_users role can do anything in this as it is their custom table and they need all the accesses (except delete). This part is done.
Any user who does not have the u_table_users role needs to be able to see THEIR OWN and be able to enter comments into the comments field of a record where opened_by is that person on the portal, but not in the record form on the platform.

08-01-2018 12:57 PM
Check out the ACLs for the incident table (both record level and those for the 'Comments' and 'Work notes' fields). They work almost exactly like what you're describing. You should be able to just copy the logic and change table/field names where necessary.