user_admin Role no longer works

Go to solution
Brian Lancaster
Tera Sage

‎09-16-2015 06:44 AM

Ever since we upgraded to Fuji user who have the user admin role are no longer able to see any users.   When they click on Users under User Administration menu they get the following error   "Security constraints prevent access to requested page".   Any thoughts on what might cause this?

0 Helpfuls
  • 1,436 Views
1 ACCEPTED SOLUTION

Go to solution
bernyalvarado
Mega Sage
In response to Brian Lancaster

‎09-16-2015 07:50 AM

Hi Brian,



Thanks for the clarification.



You must have a read ACL with the name of sys_user. This ACL is at the table label. If it doesn't exist then nobody (except system admins) will have access to your sys_user table (unless your system is configured to allow by default access to everybody to anything).



If it doesn't exist, you may want to create that ACL at the table label. Table: sys_user Field: - NONE -. You can make it open since in theory anyone should have access to the sys_user table.



Thanks,


Berny


View solution in original post

0 Helpfuls
14 REPLIES 14

Go to solution
Brian Lancaster
Tera Sage
In response to bernyalvarado

‎09-16-2015 07:33 AM

Admin role is not having the issue.   The user_admin role is the one that cannot see the users.   I found two sys_user.* read rules.   One has no scripts or roles in it which is everybody has read and the second has a script in it which is below.



if (gs.getUserID() == current.sys_id || gs.getUser().hasRoles())


      answer = true;


else


      answer = false;


0 Helpfuls

Go to solution
bernyalvarado
Mega Sage
In response to Brian Lancaster

‎09-16-2015 07:50 AM

Hi Brian,



Thanks for the clarification.



You must have a read ACL with the name of sys_user. This ACL is at the table label. If it doesn't exist then nobody (except system admins) will have access to your sys_user table (unless your system is configured to allow by default access to everybody to anything).



If it doesn't exist, you may want to create that ACL at the table label. Table: sys_user Field: - NONE -. You can make it open since in theory anyone should have access to the sys_user table.



Thanks,


Berny


0 Helpfuls

Go to solution
bernyalvarado
Mega Sage
In response to bernyalvarado

‎09-16-2015 07:56 AM

Or you can also restrict it using a similar script like the OOB one you shared before:



if (gs.getUserID() == current.sys_id || gs.getUser().hasRoles())



       answer = true;



else



       answer = false;
0 Helpfuls

Go to solution
Brian Lancaster
Tera Sage
In response to bernyalvarado

‎09-16-2015 07:58 AM

That was it.   We only had the sys_user.* read rules as soon as I created one for sys_user it worked.   It also fixed the issues when a user click on the magnifying glass next to the assigned to field for example they would get the security warring.


0 Helpfuls

Go to solution
bernyalvarado
Mega Sage
In response to Brian Lancaster

‎09-16-2015 08:17 AM

Terrific!


0 Helpfuls