field ACL failing due to the record write * ACL

User163016
Tera Contributor

I'm trying to give our Service Desk Analysts write privileges to a few fields on the sys_user table to help troubleshoot orchestration and login issues.   I have a role called sd_analyst and I created a field level ACL to give that role write access.   Unfortunately it's not working and in my debugging efforts found that it's failing because the record write * AC.   This AC's description is:

To write to records on any table the following must apply:

user has the admin role

OR

glide.sm.default_mode = allow which allows access to all tables in the absence of any other security rules (ACLs)

Any suggestions are appreciated

Thanks

1 ACCEPTED SOLUTION

Abhinay Erra
Giga Sage

In order to give them the write access, you need to give field level access as you mentioned and also table level access too.


View solution in original post

5 REPLIES 5

Abhinay Erra
Giga Sage

In order to give them the write access, you need to give field level access as you mentioned and also table level access too.


Thanks Abhinay/Balaji.



I went back and confirmed the ACL that gives sd_analyst role table level write access and created an ACL that gives the sd_analyst write access to the u_peoplesoft_id field.   I tried again and it failed.   I also noticed there is another ACL that is failing as well and the field level ACL isn't getting evaluated.


find_real_file.png



The following are the two ACLs that are causing the failure:


find_real_file.png



find_real_file.png


BALAJI40
Mega Sage

Hi chad,



To write to records on any table the following must apply:


user has the admin role


OR


glide.sm.default_mode = allow which allows access to all tables in the absence of any other security rules (ACLs




The above mentioned points applicable to admin role, because they can access to all the tables. so its not the failing case.



first create acl for   table level and then create field level, then it will work.



provide the screen shot for the write access you created


Hi Balaji,



Here is a screenshot of the field level ACL I created:


find_real_file.png



If I'm understanding the process order, field level ACL should be evaluated first so I agree that the ACL I mentioned as the issue above shouldn't be causing problems but according to debugging it is.



Thanks,