Business Rule seems to ignore Cross-Scope Application Access settings

Go to solution
Andrew Spencer
Tera Contributor

‎11-21-2023 12:30 PM

I'm trying to restrict cross-scope application access to read-only. However, I cannot prevent a malicious business rule from gaining write access to records.

 

Application 1: "Can Update [unchecked]"

AndrewSpencer_0-1700596809219.png

Application 2: "Business Rule - Malicious Script"

AndrewSpencer_1-1700597027172.png

Script runs. Cross-scope write privileges are granted. Records are changed.

AndrewSpencer_2-1700597333157.png

Please help me understand what's happening here.

  • 857 Views
1 ACCEPTED SOLUTION

Go to solution
Aylee Andersen
Kilo Sage

‎11-21-2023 03:52 PM - edited ‎11-22-2023 09:05 AM

Hi @Andrew Spencer,

 

I'm not 100% sure if this is the correct setting, but try setting the "Runtime Access Tracking" field on your sys_app record to "Enforcing" instead of "Tracking".

 

Screenshot 2023-11-21 at 4.50.25 PM.png

 

Hopefully that helps!

- Aylee

View solution in original post

3 REPLIES 3

Go to solution
Aylee Andersen
Kilo Sage

‎11-21-2023 03:52 PM - edited ‎11-22-2023 09:05 AM

Hi @Andrew Spencer,

 

I'm not 100% sure if this is the correct setting, but try setting the "Runtime Access Tracking" field on your sys_app record to "Enforcing" instead of "Tracking".

 

Screenshot 2023-11-21 at 4.50.25 PM.png

 

Hopefully that helps!

- Aylee

Go to solution
Andrew Spencer
Tera Contributor
In response to Aylee Andersen

‎11-21-2023 04:01 PM

That worked! Thank you!

 

AndrewSpencer_0-1700611270019.png

 

0 Helpfuls

Go to solution
G24
Kilo Sage

‎11-18-2024 08:22 AM

Additional information may be found here:

Runtime Access Tracking / Cross-Scope Access / Caller Access 

0 Helpfuls