Find your people. Pick a challenge. Ship something real. The CreatorCon Hackathon is coming to the Community Pavilion for one epic night. Every skill level, every role welcome. Join us on May 5th and learn more here.

Business Rule seems to ignore Cross-Scope Application Access settings

Go to solution
Andrew Spencer
Tera Contributor

‎11-21-2023 12:30 PM

I'm trying to restrict cross-scope application access to read-only. However, I cannot prevent a malicious business rule from gaining write access to records.

 

Application 1: "Can Update [unchecked]"

AndrewSpencer_0-1700596809219.png

Application 2: "Business Rule - Malicious Script"

AndrewSpencer_1-1700597027172.png

Script runs. Cross-scope write privileges are granted. Records are changed.

AndrewSpencer_2-1700597333157.png

Please help me understand what's happening here.

  • 1,607 Views
1 ACCEPTED SOLUTION

Go to solution
Aylee Andersen
Kilo Sage

‎11-21-2023 03:52 PM - edited ‎11-22-2023 09:05 AM

Hi @Andrew Spencer,

 

I'm not 100% sure if this is the correct setting, but try setting the "Runtime Access Tracking" field on your sys_app record to "Enforcing" instead of "Tracking".

 

Screenshot 2023-11-21 at 4.50.25 PM.png

 

Hopefully that helps!

- Aylee

View solution in original post

3 REPLIES 3

Go to solution
Aylee Andersen
Kilo Sage

‎11-21-2023 03:52 PM - edited ‎11-22-2023 09:05 AM

Hi @Andrew Spencer,

 

I'm not 100% sure if this is the correct setting, but try setting the "Runtime Access Tracking" field on your sys_app record to "Enforcing" instead of "Tracking".

 

Screenshot 2023-11-21 at 4.50.25 PM.png

 

Hopefully that helps!

- Aylee

Go to solution
Andrew Spencer
Tera Contributor
In response to Aylee Andersen

‎11-21-2023 04:01 PM

That worked! Thank you!

 

AndrewSpencer_0-1700611270019.png

 

0 Helpfuls

Go to solution
G24
Kilo Sage

‎11-18-2024 08:22 AM

Additional information may be found here:

Runtime Access Tracking / Cross-Scope Access / Caller Access 

0 Helpfuls