Non-admin users can edit some user fields

Riya17 · ‎10-23-2018

Hi,

I need to prevent non-admin users from editing any of the user fields. Only admins should be able to edit user records. How can I set ACL for this?

Thanks

Riya

Ajaykumar1 · ‎10-23-2018

Hi Riyak,

Create an ACL on sys_user table by elevating the security admin role.

type : record

Operation : Write

Advanced : True

Name : user [sys_user] : none

Role : admin

Script : answer = true;

Mark if Correct/Helpful.

Regards,
Ajay

View solution in original post

Ajaykumar1 · ‎10-23-2018

Hi Riyak,

Create an ACL on sys_user table by elevating the security admin role.

type : record

Operation : Write

Advanced : True

Name : user [sys_user] : none

Role : admin

Script : answer = true;

Mark if Correct/Helpful.

Regards,
Ajay

Jaspal Singh · ‎10-23-2018

Hi,

Create ACL of type write on User table with below combination with Admin overrides marked as True.

Also, make sure there exists only 1 ACL of type write on the User table.

Thanks,

Jaspal Singh

Hit Helpful or Correct on the impact of response.

Chuck Tomasi · ‎10-23-2018

I wouldn't recommend making ALL fields off limits to users. They may want to change things like their date format for example. Check the fields and ensure you have the right roles and entitlements/restrictions on each field.

Jeff Currier · ‎10-23-2018

Out of the box, there are many ACLs on sys_user. You would want to look at what is currently enabled: System Definition -> tables and examine the Access Controls related list. You will see many for create, write, delete and read. You may want to focus on the ones with write if that is your concern. You can uncheck activate if you want to "remove" some of those ACLs. However, be careful. Most of these are there for a reason, so you want to understand why they are there. Some may be used by APIs or interfaces.