Can we create ACL for table in different scope?

Ankita Kolhe
Tera Contributor

‎08-07-2023 09:54 PM

Hi Community,

 

I have created read ACL for custom app on sys_search_source & m2m_search_context_config_search_source  table that is in global scope.

The ACL which I created is not working.

 

OOB ACL:-

AnkitaKolhe_0-1691469478979.png

 

AnkitaKolhe_2-1691469637100.png

This OOB ACLs is calling the property & which is returning the roles

 

AnkitaKolhe_3-1691469777002.png

The issue is I created the read ACL for custom app with below details:-

type-read

tables-sys_search_source & m2m_search_context_config_search_source

roles- custom roles

 

But the above ACL  is not working i.e Users don't have access to global search in workspace. However if I add the roles of custom app in the property that is mentioned above then this is working perfectly fine but we don't want to modify anything out of our scope. So is there any alternative to not touch the property that is on global scope &configuration to be done in same scope only?

 

Thanks,

Ankita

0 Helpfuls
  • 862 Views
1 REPLY 1

-O-
Kilo Patron
Kilo Patron

‎08-08-2023 04:57 AM - edited ‎08-08-2023 04:58 AM

ScopedGlideSession does not have a hasRole method.

You could use gs.getUser().hasRole(gs.getProperty('...')) instead.

Also I would make sure that specifying the role in a property is really necessary and I would give it up to be able to use the "Requires role" embedded list instead.

Perhaps create a new role just for this purpose, use it in the ACL Requires role embedded list and if configuration is really needed, add this new custom role to the inclusion list of other roles - thus avoiding - what I consider to be - an unnecessary property.

0 Helpfuls