Does anyone else use Script Includes for code in ACLs
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-18-2019 09:40 AM
Personally I'd never done it... but I noticed on Patch 4 of Madrid they added an ApproverUtils() SI and it's used on ACLs. Doesn't this defeat the purpose of ACLs in some respects. You can now modify who could/couldn't approve something simply by changing the SI. This seems to bypass some of the security in needed in the security admin role... and elevating your roles to modify ACLs.
I'm sure this isn't the first one... just the first one I've noticed.
- Labels:
-
Best Practices
-
Scripting and Coding
- 2,045 Views
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-18-2019 01:26 PM
I certainly agree that there are many 'we shouldn't have to do this' things when working throughout the platform. Unfortunately the nature of the beast is that as the platform is evolving not all facets of particular solutions are going to check off every box for all users. With the customization's that everyone can perform each is able to modify the given solutions (or build new ones) that meet particular end goals. Hopefully though some of these customization's will be adopted into actual future releases for others to take advantage of.
