Table Level ACL is overriding Field level ACL? How to override Table level ACL
09-19-2019 06:11 AM
Hi,
I have a table called HRProfile, and it has some ACLs on it:
1. HRProfile allowed to all
2. HRProfile.* allowed only if the record belongs to the logged-in user or some xx role, and if the field belongs to some predefined hardcoded fields
Now I have added one new field to the table, and it should be visible only to people with a particular role, so I have created a 3rd rule:
3. HRProfile.area allowed only to a particular role, but due to ACLs 1 & 2 above it is not working, meaning that if the user does not belong to the particular role they are still able to read the field value.
Note: I don't want to disturb/edit the 1st and 2nd rules; I should achieve this without touching 1 and 2.
How can I achieve this?
Thanks
JG
09-19-2019 06:17 AM
ACLs are designed to be permissive by default. No matter how many different ACLs you have (let's say 5), even if 4 of them would disallow, if just 1 of them allows, then the user is allowed. The best strategy is to have your HRProfile.* disallow access for all fields. Then add 1 ACL per field you want to expose, starting with HRProfile.area as a validation.
09-19-2019 06:20 AM
Hi,
Thanks for your reply. As I said, I am not allowed to touch any existing ACLs. Based on what you are saying, I think I have to go some other way to hide the column (like a Client Script or UI Policy) rather than an ACL.
Thanks anyway.

09-19-2019 06:51 AM
Hi,
You can achieve this by creating a Display Business Rule and an onLoad Client Script.
Step 1: In the Display BR, first check whether the currently logged-in user has the role to which you want to show that field.
If the role is matched, then by using g_scratchpad you have to pass it as true,
and if the role is not matched, then pass it as false.
Step 2: Now create an onLoad Client Script, and get the g_scratchpad value in a variable.
Check whether this variable value == true;
then you can set that particular field visible by using g_form.setVisible('field_name',true);
Regards,
Sanket

09-19-2019 07:00 AM
Please refer to the code below:
Display Business Rule:
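(function executeRule(current, previous /*null when async*/) {
    // Runs on the server before the form is sent to the browser.
    // Pass a flag to the client telling it whether the user has the role.
    if (gs.hasRole('itil')) { // add your role
        g_scratchpad.data = true;
    } else {
        g_scratchpad.data = false;
    }
})(current, previous);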
OnLoad Client Script:
function onLoad() {
    // Debug output of the flag set by the Display Business Rule
    alert(g_scratchpad.data);
    // Show the field only when the server-side role check passed
    if (g_scratchpad.data == true) {
        g_form.setVisible('business_service', true); // add your field 'area'
    } else {
        g_form.setVisible('business_service', false); // add your field 'area'
    }
}
Can you mark my answer as Correct and Helpful if you were able to achieve the requirement, and then close the thread?
Thanks in advance.
Regards,
Sanket