Give users CREATE rights on sys_user_grmember table using an ACL

mr_t · ‎05-23-2022

Hi,

I wanted to give certain users CREATE rights to sys_user_grmember table.

I created a user group for those users. It contains one role: a3m_create_groupmember_table (elevated privilege)

I created a new ACL on that table:

When a member of the group executes a script that adds another user to an ADMIN group, I get this error:

Could anyone explain why this is happening?

Thanks,

T.

chrisperry · ‎05-23-2022

Hi there,

Please update your ACL name to replace the '*' portion with '--None--' . That will give table-level create access instead of field-level create access that is currently configured with '*'.

If this answer is helpful please mark correct and helpful!

Regards,

Christopher Perry

If this answer is helpful please mark correct and helpful!

Regards,
Chris Perry

mr_t · ‎05-23-2022

Thanks Christopher, but I am afraid this did not work.

chrisperry · ‎05-23-2022

I saw the note at the end of your original post: "When a member of the group executes a script that adds another user to an ADMIN group"

It is likely that if the user who is trying to execute this script does not have admin role themselves, then they will not be allowed to add the user to an ADMIN group because adding the user would grant them admin role.

Does the script work for non-admin groups?

If this answer is helpful please mark correct and helpful!

Regards,

Christopher Perry

If this answer is helpful please mark correct and helpful!

Regards,
Chris Perry

mr_t · ‎05-24-2022

Yes, it works with non-admin groups, but my goal is to add a user to an admin group. Is there a way to do this? I've tried script includes, business rules, schedules. Nothing works for me - I keep getting access denied.