Not able to set the ACL correctly.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-02-2024 04:10 AM
Scenario : I have created a custom table i.e abc, it has three field a,b and c. There are no ACL created for the table by default as I unchecked that option.
I have created 3 roles : abc_read, abc_user, and abc_amdin.
I want:
1) abc_read = able to see all the records.
2) abc_user = able to create records, and update records accept update c field.
3) abc_admin = able to create record and update all fields.
How can I wrtie the ACLs, to achive this?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-02-2024 04:18 AM
@HrishabhKumar Here is what you should do
You can use role inheritance in this case.
1. At the root you should have the abc_read role
2. Role abc_user should contain the abc_read role
3. abc_admin should contain abc_user and abc_read role
1.Read ACL: Create a table.None and table.* Read ACLs on your table and add abc_read role in the role list
2. Create and Write ACL:- Create a table.None and table.* Create and Write ACLs on your table and add abc_user role in the role list
3. Write ACL for c field: Create a table.C (field) Write ACL and add abc_admin in the role list.
Hope this helps.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-02-2024 04:29 AM
Hello @HrishabhKumar ,
To fulfil your requirement, following ACLs have to be defined -
1) abc_read = able to see all the records -> To be able to see all the records, table.* and table.none ACL goes hand in hand. So, both abc.* (READ) and abc.none (READ) ACL has to be created and well defined.
2) abc_user = able to create records, and update records accept update c field. -> All field read ACL; all record read ACL and create ACL would be needed. (abc.none - READ, abc.* - READ (if all fields readability to be enabled), abc - create ACL)
3) abc_admin = able to create record and update all fields. -> (abc - create; abc - update, abc.none, abc.*)
You can merge your above scenarios to avoid creating multiple ACL with similar conditions.
Let me know if it helps.
Mark this as Correct/Helpful if above info. helps in any way and help in closing this thread.
Regards,
Shubham
