Explicit field ACL vs All field ACL
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-13-2022 09:44 AM
I have a situation where already exist an all field ACL on a table X (i.e. X.*) for a role A
I need to grant role B access to field Y on table X. I need ACL X.Y for role B
While creating the role I saw message >> "masking X.*"
I believe X.* will now exclude field Y as there is now ACL explicit to this field. (I am not sure.)
How do I overcome this situation without affecting role A for X.*?
Challenge here is I am not able to figure out , How to Debug ACL for Service Account (with web service access only)
Any suggestion will be of great help.
Thank you,
Afsar Sheikh
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-13-2022 09:53 AM
1. make sure role b has access to the entire table x. Otherwise you the ACL X.Y will not work.
2. give both role A and B access via the ACL for X.Y
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-13-2022 10:26 AM
Thanks @Brian Lancaster ,
point 2 makes sense.
I am not able to test point 1.
Any suggestions how to test ACL's based on roles and not using users with roles?
This way it will help to test ACL for service account roles also.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-13-2022 03:10 PM
I'm note sure what you mean by test roles without users with roles. Point 1 is easy to test. Lets say you wanted to give B write access to Y but you only created an ACL for X.Y for B it would not work. If you you want to give B write access to Y you must first give them write access to X.
