- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎12-27-2019 02:01 PM
I have a table I created in a scoped app and when I was creating this table I selected "Create Access Controls" checkbox in the Controls tab. After some thinking I decided that users should not be able to create or delete records in this table so I elevated my role to security_admin and deleted these two access controls from the table. I tried to see if I was able to create and delete records by logging into a user account and for some reason I was still able to do so. Is there something I missed that's allowing records to be created and deleted?
Solved! Go to Solution.
- Labels:
-
Personal Developer Instance
-
Studio
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎12-27-2019 02:15 PM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎12-27-2019 02:05 PM
Hi, without visibility of your configuration it is not possible to give a valid\correct answer.
If you enable security debugging and then impersonate your test user, you will be able to see which ACL's are allowing the user to undertake CRUD actions as you run through your tests.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎12-27-2019 02:15 PM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎12-27-2019 02:23 PM
Create a new ACL for create and delete,, provide the correct roles like admin or security_admin to whom you want the privilege access to create or delete the records, users without this role would not be able to create or delete anything. Now impersonate some other user with itil or other roles and verify that they can not create or delete any records.
Kindly mark my answer as Correct and Helpful based on the impact.
