Cross scope privilege

tom1111
Tera Contributor

‎02-13-2025 10:59 AM

Hi guys, 

can someone please help me? I have a scoped application and on one table I have an application menu module ,,approvals,, which refers to Approval table in global scope sysapproval_approver. I need for fulfiller to be able to modify and read the approvals (only from scoped app) and for approval just to see it, not modify. I have set the ACLs, cross scope privileges and still if i impersonate the the users with that roles, it shows me the same error and allows me modify only something. I am really desperate and spend almost 5 hours trying to solve it. Please please help me somebody 😅😭 

 

Preview file
121 KB
Preview file
124 KB
Preview file
335 KB
Preview file
328 KB
Preview file
324 KB
Preview file
263 KB
Preview file
169 KB
Preview file
288 KB
0 Helpfuls
  • 2,460 Views
3 REPLIES 3

Martin Friedel
Mega Sage

‎02-16-2025 01:14 AM

Hello, I think you have to allow Cross Scope Privileges where Target Scope is your custom application/table. As you can see in error messages, global application is trying to access your custom table.

 

First, try to check if there are records in Cross Scope Privileges table [sys_scope_privilege] where Target scope is your custom app scope and state is Requested. If such records exist, change state to Allowed.


Or allow read operation from another scopes to your custom table:

  1. Open Tables table [sys_db_object]
  2. Find your custom table, open it
  3. Go to tab 'Application Access'
    • Set Accessible from: All application scopes
    • Can read: checked

table_access.JPG

This approach will allow read access from all other scopes. If you want to have is more strict, handle it by creating Cross Scope Privilege records for read operation from your app scope/table.

 

If my answer helped you, please mark it as correct and helpful, thank you 👍
Martin

0 Helpfuls

tom1111
Tera Contributor
In response to Martin Friedel

‎02-16-2025 06:08 AM

Hello, thank you for your reply, unfortunately it is still the same. I set the CSP with target scope to my scoped app and it's allowed. And if I go to Application Access on my custom table, I have checked there ,,can read,, and the other ones are unchecked, but if I want to check Can update or others (BTW right click anywhere dont work on this table record, I have no idea why) and save it by ,,update,, it, it throws me away to tables list and the change is not saved, still only can read is checked. But even if I have checked can read and after checking everything it still throws ,,Read operation on table 'x_1533026_business_business_impact_assessment' from scope 'Global' was denied. The application 'Global' must declare a cross scope access privilege. Please contact the application admin to update their access requests.,, 

0 Helpfuls

Martin Friedel
Mega Sage
In response to tom1111

‎02-16-2025 01:09 PM

Could you share screenshots of:

  • Table Application Access tab
  • List of records in table sys_scope_privilege with condition: Source Scope = your application OR Target scope = your application
0 Helpfuls