UI policy is overriding ACL

SD29
Tera Expert

Hi All,

I have a requirement where, when an Asset record is created and data is entered into some fields, those fields should be made read-only. To achieve this I have written a UI policy and given the conditions as needed. But at the same time I have to give edit capability only to Admins. To achieve this I tried creating ACLs on the required fields, but as an admin I am unable to edit the fields. The UI policy is taking over the ACL.

As far as I know, ACLs will override anything.

Please help!

Thanks,

SD

4 REPLIES

Sadasiva Reddy
Giga Guru

Hi,



If you have created an ACL to give edit capability only to admins, then it works in both cases. Why have you created a UI policy then?



Regards,


Sadasiva




Please mark helpful/ correct based on the impact


Harsh Vardhan
Giga Patron

Why don't you use only ACL? Making a field read-only through UI policies is easily breakable.


Hi Harsha,



How can I use only ACL? I need to lock down the fields for all users except admins when the data is entered and the record is saved. When I tried using ACL, it's not allowing the users to edit the fields in a new record.



Thanks,


SD


gauravchoudhury
Tera Guru

Hello,



I suppose you may need to revisit the ACL rules you have set up. The best way to figure it out is to isolate the two: turn off your UI policy and try to make the ACL rule work.



The problem could reside in the setup of the ACL rule.



Something that should help while setting up ACL rules at field or table level:



Field ACL Rules



Field ACL rules are processed in the following order:



  • Match the table and field name. For example, incident.number.
  • Match the parent table and field name. For example, task.number.
  • Match any table (wildcard) and field name. For example, *.number.
  • Match the table and any field (wildcard). For example, incident.*.
  • Match the parent table and any field (wildcard). For example, task.*.
  • Match any table (wildcard) and any field (wildcard). For example, *.*.


The first successful evaluation stops ACL rule processing at the field level. This means that when a user passes a field ACL rule, the system stops searching for matching field ACL rules. The user must also pass the table ACL rules to be granted access to the record object. For example, if a user passes the field ACL rule for incident.number, the system stops searching for rules that secure the Number field. The user must then pass the table ACL rules on incident to see the Number field.



Table ACL Rules



In most cases there is not an individual field ACL rule for every field in the table the user is trying to access. If no field ACL rule matches the record object, the user must pass the table ACL rule. Since the base system includes wildcard table ACL rules that match every table, the user must always pass at least one table ACL rule. The base system provides additional table ACL rules to control access to specific tables. Table ACL rules are processed in the following order:



  • Match the table name. For example, incident.
  • Match the parent table name. For example, task.
  • Match any table name (wildcard). For example, *.


Just like with field ACL rules, the system grants the user access to the record object secured by the ACL rule and stops searching for matching ACL rules the first time a user passes a table ACL rule's permissions. A user who passes the table ACL rule for incident has access to all fields in the Incident table. A user who passes the table ACL rule for task has access to all fields in the Task table as well as the fields in extended tables. A user who passes the table ACL rule for any table has access to all fields in all tables.



Also, I refer you to the links below for your reference:
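
The field and table ACL search order quoted in the reply above, as an added example that is not part of the original thread and is not ServiceNow code. It is a simplified model in plain JavaScript that follows the quoted text literally (the first rule a user passes ends the search); the table hierarchy, the rule set and all function names are constructed for illustration.

```javascript
// Simplified model of the ACL search order quoted in the reply; not ServiceNow code.
// Constructed hierarchy: incident extends task.
const PARENT = { incident: 'task', task: null };

function ancestry(table) {
  const chain = [];
  for (let t = table; t; t = PARENT[t]) chain.push(t);
  return chain;
}

// Field ACL names, most specific first (the six steps in the quoted list).
function fieldAclOrder(table, field) {
  const chain = ancestry(table);
  return [...chain.map(t => `${t}.${field}`), `*.${field}`,
          ...chain.map(t => `${t}.*`), '*.*'];
}

// Table ACL names: table, parent table(s), then the wildcard.
function tableAclOrder(table) {
  return [...ancestry(table), '*'];
}

// Walk the names in order; report which rules exist and the first one passed.
function firstPassing(names, acls, user) {
  const present = names.filter(n => n in acls);
  return { present, hit: present.find(n => acls[n](user)) || null };
}

// Field rules first (if any exist), then table rules; both must be passed.
function checkAccess(table, field, user, acls) {
  const f = firstPassing(fieldAclOrder(table, field), acls, user);
  if (f.present.length > 0 && f.hit === null) {
    return { allowed: false, fieldRule: null, tableRule: null };
  }
  const t = firstPassing(tableAclOrder(table), acls, user);
  return { allowed: t.hit !== null, fieldRule: f.hit, tableRule: t.hit };
}

// Constructed rule set: each rule is reduced to a role check.
const hasRole = role => user => user.roles.includes(role);
const SAMPLE_ACLS = {
  'incident.number': hasRole('admin'),
  'task.*': hasRole('itil'),
  'task': hasRole('itil'),
  '*': hasRole('admin'),
};

console.log(fieldAclOrder('incident', 'number'));
console.log(checkAccess('incident', 'number', { roles: ['admin'] }, SAMPLE_ACLS));
```

The returned `fieldRule` and `tableRule` name the rule that decided each stage, which helps when working out which ACL is actually granting or blocking a field.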