Before-Query Business Rule blocked by ACL

oacp
Kilo Contributor

‎12-16-2016 05:48 AM

I am currently working with ACLs and before-query business rules and am using a Test User.

I have a row-level ACL on a Test table which allows the Test User access to the table. However, I also have a field-level ACL on the Test table which locks one of the fields down to a role that Test User doesn't have. In my before-query business rule, I want to filter the records based on this field.

However, because Test User does not pass the ACL for this field, they receive an error message saying that part of the query has been ignored because of read security rule on the locked down field and no records are displayed to Test User.

How can I get this before-query business rule to apply this query without having to remove the ACL on that field?

Labels:
0 Helpfuls
  • 2,722 Views
3 REPLIES 3

Andrii
Kilo Guru

‎12-16-2016 06:46 AM

In your ACL you may use either "Admin Overrides" or script to allow users with specific role or group to bypass this ACL


0 Helpfuls

georgimavrodiev
Mega Guru
In response to Andrii

‎02-07-2017 06:31 AM

Hello Olivia,





Recently (yesterday, to be honest) I encountered the same issue.
I activated the Plugin called "Skills Management" in order to obtain the skill table in the Global scope of my SNOW DEV instance.
As a result, my custom application obtained similar module: Skills, which references the global one.


I noticed that once I log into the system as a manager of my custom application and navigate to skills - I was seeing the following error message:


"Part of the query on cmn_skill has been ignored because of read security rules on cmn_skill.sys_scope".
In addition, the Skills records were missing. This was as a result of the observed error (the read security rules).



I started investigating this error within my instance and found out that cmn_skill is actually the Skills table, which comes with the Skill Management Plugin and sys_scope is a field in that table, which references Application.



In order to resolve the issue, I performed the following steps:


- Log as System Administrator and elevate your roles to Security Admin (security_admin);
- Ensure that you are in the Global Scope;
- Navigate to System Security > Access Control (ACL);
- Create New and fill in its details as follow:
Type: record;
Operation: read;
Admin overrides: checked;
Active: checked;
Name: Skill (cmn_skill) / Application;


Requires role: +++ Add Your Role Here +++;


- Submit and then click Continue to save the form;



Once I finished with the above steps, I performed a test by logging out and then logging back into the instance as a manager of my custom app.
The issue has been successfully resolved! I was no longer seeing the error message and also the missing Skills records were no longer missing.



So, Olivia, I believe if you perform the same steps and assign the missing read ACL of the respective table of yours to the respective role of yours - then the problem should be fixed for you too.


You may give it a go, if you are still encountering the same issue




Best Regards,
Georgi Mavrodiev



IT Consultant
Do IT Wise



You may visit us in our Web Site: www.doitwise.com


0 Helpfuls

keepintouch_kir
Giga Contributor

‎05-17-2018 06:51 AM

Hello oacp,

 Did you find a solution for this ? We have similar issue in our instance. Kindly let me know if the Before BR worked for you or not.

 Warm Regards

Kiranmai

 

0 Helpfuls