Results of failing an Access Control (ACL) Rule - Screenshots

G24
Kilo Sage

This Article describes what happens when a user fails an Access Control check (does Not have rights).  For a better understanding, let's explore what that looks like VISUALLY...

 

Read, Write, Delete and Create Access Controls may be defined at the Record-level or the Field-Level...  and they control the behavior of the User Interface on both List Views and Forms.  This leads to 32 different combinations, or scenarios.  (However 12 of the Field Level scenarios don't really apply, since Record-level Access Controls override Field-level Access Controls; these scenarios are marked NA in the chart below.)

 

Let's number our Scenarios, and then look at a picture of each one one in action...

Geoffrey3_1-1667940024358.png

 

Scenarios 0 through 8 show how Record Level Access Controls affect List Views...

 

1.  List View - Record Read Granted

The user can see all records.  Field headers are also displayed.

Geoffrey3_2-1667940024365.png

 

2.    List View - Record Read Denied

The list view appears, and records which were denied are simply filtered out from the list.  (In this example record number CAR001002 has been filtered out.)  The user has no way of knowing if, or how many, records were omitted.

Geoffrey3_3-1667940024370.png

 

...additionally, if Read access to ALL records was denied, the entire list view is hidden as well as the filter, search bar, and field headers. The message "Security constraints prevent access to requested page" is displayed below an image of a vault.

Geoffrey3_4-1667940024377.png

 

3.  List View - Record Write Granted

The user can edit fields directly in the List View.

Geoffrey3_5-1667940024383.png

 

4.  List View - Record Write Denied

The user is unable to edit any fields of the List View and sees the message "Security prevents writing to this field".

Geoffrey3_6-1667940024388.png

 

5.  List View - Record Create Granted

A NEW button appears at the top right of the List View.

Geoffrey3_7-1667940024392.png

 

6.  List View - Record Create Denied

The NEW button is omitted from the top right of the List View.

Geoffrey3_8-1667940024396.png7.  List View - Record Delete Granted

In the "Actions on selected rows" menu, a Delete menu item is present.

Geoffrey3_9-1667940024403.png

 

8.  List View - Record Delete Denied

In the "Actions on selected rows" menu, the Delete menu item is grayed out (disabled).

Geoffrey3_23-1667940929063.png

 

Scenarios 9 through 16 show how Field Level Access Controls affect List Views...

 

 9.  List View - Field Read Granted

**A field may not be read if the record it is contained in has been denied read permission.

 

10.  List View - Field Read Denied

Records are listed, but blank spaces are shown for those fields which failed the Read Access Controls.

If the user tries to Double Click on a field he cannot read, nothing at all will happen.  He will not have the ability to edit that field.

(in this example, the user was denied Read permission for the Color field for records Car001002 and Car001003.)

Geoffrey3_24-1667941094463.png

11.  List View - Field Write Granted

**A field ma not be written to if the record it is contained in has been denied write permissions.

 

12.  List View - Field Write Denied

 The user is unable to edit ONLY those fields for which he was denied Write permission.  Other fields are still editable.

Geoffrey3_25-1667941297325.png

 

 

13.  List View - Field Create Granted

**A field may not be created if the record it would be contained in has been denied create permission.

 

14.  List View - Field Create Denied

**Denying the create permission on an individual field has no effect, if create is allowed at the record level.

 

15.  List View - Field Delete Granted

**Granting the delete permission on an individual field has no effect, if delete is denied at the record level.

 

16.  List View - Field Delete Denied

**Denying the delete permission on an individual field has no effect, if delete is granted at the record level.

 

 

Scenarios 17 through 24 show how Record Level Access Controls affect Form views...

 

17.  Form - Record Read Granted

Here the user can see all fields on the form.

Geoffrey3_26-1667941468264.png

 

18.  Form - Record Read Denied

All fields are hidden from the form.

Geoffrey3_27-1667941494854.png

 

19.  Form - Record Write Granted

All fields are Editable.

Geoffrey3_28-1667941538811.png

 

20.  Form - Record Write Denied

All fields are grayed out and Read Only.

Geoffrey3_29-1667941565623.png

 

21.  Form - Record Create Granted

After the user hits the New button on a list view, or navigates directly to a Record Creation type URL, fields will be Editable and there will be Save and Submit buttons.

Geoffrey3_30-1667941600668.png

 

22.  Form - Record Create Denied

Even if the user navigates directly to a Record Creation type URL, no fields show up for data entry, and there is no Submit button on the title bar or Save menu item in the speed menu.

Geoffrey3_31-1667941658326.png

 

23.  Form - Record Delete Granted

A Delete button is present at the top right of the form.

Geoffrey3_32-1667941684198.png

 

24.  Form - Record Delete Denied

The Delete button is omitted from the top right of the form.

Geoffrey3_33-1667941707399.png

 

Finally, Scenarios 25 through 32 show how Field Level Access Controls affect Form views...

 

25.  Form - Field Read Granted

**A field may not be read if the record it is contained in has been denied read permission.

 

26.  Form - Field Read Denied

Only those fields which deny read access are omitted from the form.  In this case the "Color" field was omitted.

Geoffrey3_34-1667941798981.png

 

27.  Form - Field Write Granted

**A field may not be written to if the record it is contained in has been denied write permissions.

 

28  Form - Field Write Denied

Only those fields for which Write access is denied are Grayed Out and Read Only.

Geoffrey3_35-1667941902691.png

 

29.  Form - Field Create Granted

**A field may not be created if the record it would be contained in has been denied create permission.

 

30.  Form - Field Create Denied

**Denying the create permission on an individual field has no effect, if create is allowed at the record level.

 

31.  Form - Field Delete Granted

**Granting the delete permission on an individual field has no effect, if delete is denied at the record level.

 

32.  Form - Field Delete Denied

**Denying the delete permission on an individual field has no effect, if delete is granted at the record level.

 

Please mark this article as "Helpful" if it helped you in some way.  Thanks!

0 REPLIES 0