How to fix cross-scope access policy : Security restriction issue?

Go to solution
vimal11592
Tera Expert

‎10-07-2016 12:15 AM

Hi,

I have written business role in 'x_y_z'. In business rule I am calling third party application and trying to create some variable set using third party application data.

I used background script tool and came to know that I am facing following issue :

"Security restricted: Create operation against 'item_option_new_set' from scope 'x_y_z' has been refused due to the table's cross-scope access policy"

When I ean the same script in global scope.I am able to create variable set.In my application I have assigned admine and security admin role.

Can someone please help me How to fix the issue or some otherway to create application specific variable set .

Thanks

Vimal

0 Helpfuls
  • 38,273 Views
1 ACCEPTED SOLUTION

Go to solution
Chuck Tomasi
Tera Patron

‎10-07-2016 05:46 AM

Part of the benefit of scoped applications is they can allow or deny access from other tables. This allows them to keep 'private tables' for their application data or allow sharing of the information. This has nothing to do with the user's security, it is application-to-application security. If you go to the tables you are trying to write, you'll see an Application Access tab that defines the cross application access.



find_real_file.png



Cross-scope privilege record


View solution in original post

Preview file
81 KB
14 REPLIES 14

Go to solution
speckledfish
Tera Contributor
In response to Chuck Tomasi

‎10-02-2019 03:02 PM

Hi Chuck.

In a scoped app's table, why would you set "Accessible from" to "All application scopes" if all your scoped app tables are within the scope?

Are there global-scoped players that may need to interact? For example if my table is extended from Task, do I need to have "All application scopes?"

 

When would "This application scope only" be advised?


Thanks,


Rick Forristall

0 Helpfuls

Go to solution
Chuck Tomasi
Tera Patron
In response to speckledfish

‎10-04-2019 06:32 AM

"This application scope" works well if you want to keep your data private from other applications. This says "Hey other apps - global or scoped, don't mess with my data." I tend to use this as the default because I don't want someone else's scripts creating/writing/deleting my records. Reading is USUALLY alright, but your case may vary.

"All scopes" makes it possible for other apps (including global and scoped) to interact with your tables. I only do this when I know another scope (or global) NEEDS to interact with my table.

0 Helpfuls

Go to solution
User332204
Kilo Guru
In response to Chuck Tomasi

‎10-28-2020 07:22 AM

Hello Chuck, looks like you know alot about this. I have a issue where both web services and "All application scopes" are on. But a user in our system can suddenly not comment from the portal. Any tips?

0 Helpfuls

Go to solution
suryaprakash123
Tera Expert
In response to User332204

‎10-28-2020 07:49 AM

@Chuck Tomasi, @Benjamin Sarpong, @speckledfish 

Hi Everyone,

My "All application scope", "Allow Configuration" and "cross-scope access issues, kindly suggest.

 
0 Helpfuls

Go to solution
User332204
Kilo Guru
In response to User332204

‎10-30-2020 04:54 AM

I found the issue, somehow I needed to give "can update" access for the user to be able comment from the portal.  

0 Helpfuls