ESS View and Security

DaSmith9
Tera Expert

I searched a bit and couldn't find quite what I was looking for, but I'm sure it's been discussed before. Does anyone know how or if ACL/security is tied in specifically with the ESS view?

I noticed when working with the Self Service application/modules that one of our lists was not showing data in the Requested For column, even though it was showing the records themselves (no security constraint). But when I clicked into the record, into the form view, I could see the data that was previously missing in the list view. My first thought was ACLs and the security debugger to identify which rule was failing.

Once I found it in the debugger, I discovered it was failing on the ACL for sc_request/read, specifically with the conditions (2nd column).


I clicked on the link to the ACL to validate the conditions, and by my estimation, (opened by or requested for) I was matching for the impersonated user. I then clicked on the link under conditions that indicated "User not allowed to access table: sc_request". This took me to a list view where I could see the missing data (requested_for) in the list view, filtered to my user as the opened_by or requested_for on the record.


I then compared the URLs from my module link and from the ACL's list view, and noticed that the ESS view was on one (the SS module link), but not the other. I then compared the debugger results with and without the ESS view param on the SS module URL and, lo and behold, list data was there and the condition check passed when the ESS view (&sysparm_view=ess) was not passed into the URL.


My next steps are to try and replicate the results in my dev sandbox running the same patch level to see if it's something we've done in our instance ACLs, but really, the reason for my post is that I'm just curious about the relationship of the ESS view and security/ACLs.

Thanks,

Daniel

6 REPLIES

I was checking the table for "My Request". This is on the Task table, so you can't get Requested For here.




OK, so I understand where you were coming from now, but that's not directly what I was inquiring about. Let me show you different screenshots from my dev sandbox. I was able to replicate this scenario in my dev sandbox, for the "Requested Item" module link under the Self Service application (which points to sc_req_item). If we add the Requested For and Opened By columns to the list layout, under the ESS view (&sysparm_view=ess), the column does not populate the Requested For when it's not the SS user logged in. But when you click into the record, you can see the user name on the Requested For.



If you remove the (&sysparm_view=ess) from the module link for Requested Items, it shows the name in the list view. So my question is, do you know how or if ACL/security is tied in specifically with the ESS view? No ACLs were updated for this in my dev sandbox.



-Daniel







Without (&sysparm_view=ess), remove ESS from the view field on the module link

