List Calculation is exposing sensitive data, although ACL is correct.
yesterday
This issue is based on a Known Error article and something I raised some time ago.
However I did not find any suitable workaround nor did the TSE in a Case resolve my issue.
Therefore I would like to ask if anyone has an idea.
Known Error Article:
Also the Problem behind it is "Won't Fix".
The issue can be shown quite simply:
So the user should not see the cell value here. The field level ACL denies the read access.
However the aggregate just does not care and uses it in the sum.
Of course a Sum of only one value can be easily "guessed".
Also another example
We know the profit of "Canada" is now "15.2249" although we should not be able to see that.
If we dig into the data (e.g. "Show Matching") we can easily "reveal" all data.
Personally I think this is a Security Issue.
Also the workaround provided by ServiceNow is not really helpful:
This is existing behavior - ACLs are not applied when computing aggregate data.
The recommended approach is to hide that specific column completely with column-level ACL:
field-level ACL: core_company.profits; answer = false; - ACL is applied in list view to each row in that column, but not in aggregate object
column-level ACL: core_company.profits; role = nobody; - column is excluded from list view, aggregate object not available
They say we should remove the field from the list.
But this is not our use case as we require the field to work with.
Business Use Cases are:
- See all Projects but only the project cost of projects where I am the Project Manager
- See all Users but only see the salary of me or users I am the manager
- *....
So there are a lot of use cases where all records should be visible, but only in certain situations a field value should be visible.
Also the Calculation is something we often use as it makes working with certain lists way more convenient.
So basically my question is how we can restrict the access, as read / query_match / query_range ACLs are not honored in the aggregate object.
Any idea?
Thanks.
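
The behaviour described in this post, modelled as an added example in plain JavaScript (not ServiceNow code and not from the thread). The project rows are constructed, `canReadCost` is a hypothetical stand-in for a row-dependent field-level ACL, and no ServiceNow API is used; it contrasts a sum that ignores the field ACL with one that honors it.

```javascript
// Constructed sample data: every project row is visible, but `cost` is
// readable only by the row's project manager (first use case in the post).
const projects = [
  { name: "Alpha", manager: "alice", cost: 1200 },
  { name: "Beta",  manager: "bob",   cost: 800 },
  { name: "Gamma", manager: "alice", cost: 500 },
];

// Hypothetical stand-in for a row-dependent field-level read ACL.
function canReadCost(user, row) {
  return row.manager === user;
}

// List view as described in the post: denied cells are blanked per row.
function listView(user, rows) {
  return rows.map(r => ({ name: r.name, cost: canReadCost(user, r) ? r.cost : null }));
}

// Behaviour reported in the thread: the aggregate is computed over the raw
// column without consulting the field ACL.
function sumIgnoringAcl(rows) {
  return rows.reduce((total, r) => total + r.cost, 0);
}

// ACL-aware aggregate: only readable cells contribute, and the number of
// withheld cells is returned so the total is not mistaken for a full sum.
function sumHonoringAcl(user, rows) {
  let total = 0, withheld = 0;
  for (const r of rows) {
    if (canReadCost(user, r)) total += r.cost; else withheld += 1;
  }
  return { total, withheld };
}

// Exposure check: what the raw aggregate reveals beyond the visible cells.
// With exactly one denied row this equals that row's hidden value.
function exposedByAggregate(user, rows) {
  const visible = listView(user, rows).reduce((t, r) => t + (r.cost ?? 0), 0);
  return sumIgnoringAcl(rows) - visible;
}
```

For "alice" the list blanks Beta's cost, yet the raw sum exposes exactly that value; the ACL-aware sum returns only her own 1700 and flags one withheld cell.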
yesterday
Thanks for sharing! Wondering if ServiceNow shouldn't treat this somewhat similar to the May 2025 Maintenance (see May 2025 Maintenance Information) which seems to be rather similar, albeit to a more limited extent...
yesterday
Hi @Achim4 ,
thought so, too.
Still ServiceNow constantly claims that this is "Working as designed". 😀
Also I agree that it is similar to the May 2025 Maintenance. Maybe a little less critical ... but still a security issue in our environment.
