Why Can't I Add Roles To An ACL?

David165
Mega Expert

Hi

I'm trying to add required roles to an ACL in Studio, but the system won't allow me to do it.

Without elevating my role to include security, the entire ACL is read-only, as expected. When I elevate my account, I can edit the ACL and I have the option to insert another role in the Required Roles. But when I try to do this I get a message that "Security prevents writing to this field".

find_real_file.png

Another thread suggested turning on security debugging, which I did. However, with debugging turned on there's no option to add new roles even though my permissions are still elevated:

find_real_file.png

There are also no red entries in the debug log to indicate a security issue.

Is this a bug?

How can I achieve the same thing directly in the system tables?

BTW I have tried both Chrome and Firefox and cleared all session data and cookies to rule out browser issues.

Regards

David

1 ACCEPTED SOLUTION

Hi David,

I think I now understand your original problem. It was a misunderstanding. I suppose that you clicked on the first column (Created by [sys_created_by]), where nobody has write permission by default. You should click on the second column to insert the Role:

find_real_file.png

One can modify the default ACL (*.sys_created_by) for the Created by [sys_created_by] column

find_real_file.png

but it's not recommended, or you can add a new write ACL on sys_security_acl_role.sys_created_by (which is not recommended either).

If you find it comfortable to display Created by [sys_created_by] in the Requires role list, then you can add it as the second column (after the Role). It will probably cause fewer misunderstandings.

By the way, even if you click in the first column (on the "Insert new row.." text), you will get the following picture:

find_real_file.png

where the line with the existing ACL and the column headers are not gray. If you compare the last picture with the picture which you posted in your question, you will see that your picture was taken with Elevated Roles disabled.

Regards
Oleg

10 REPLIES

Oleg
Mega Sage

You have to have the security_admin role first of all, which is elevated. Then you should enable Elevated Roles to be able to change ACLs.

find_real_file.png

find_real_file.png

See documentation here, here and here.

Hi Oleg

I do already have the security_admin role and I can already elevate my role, but even with elevated roles I can edit the ACL but not add required roles.

find_real_file.png

The screenshots in my original post are with elevated roles.

Regards

David

David165
Mega Expert

I'm pleased to say I have resolved this issue by resetting the columns in the required roles list to their default.

find_real_file.png

Previously I had the Role and Created By columns selected for display. The Created By column was preventing me from adding new roles.

Here's a screen grab showing the additional role I've added:

find_real_file.png

All sorted.

David

Sorry, David, but this could not be the solution to the problem which you described before. You will never get a message like "Security prevents writing to this field" and the other problems which you described. I'm sure that you did other additional steps to be able to write the ACL.