field ACL failing due to the record write * ACL

Go to solution
User163016
Tera Contributor

‎11-03-2016 11:50 AM

I'm trying to give our Service Desk Analysts write privileges to a few fields on the sys_user table to help troubleshoot orchestration and login issues.   I have a role called sd_analyst and I created a field level ACL to give that role write access.   Unfortunately it's not working and in my debugging efforts found that it's failing because the record write * AC.   This AC's description is:

To write to records on any table the following must apply:

user has the admin role

OR

glide.sm.default_mode = allow which allows access to all tables in the absence of any other security rules (ACLs)

Any suggestions are appreciated

Thanks

0 Helpfuls
  • 1,865 Views
1 ACCEPTED SOLUTION

Go to solution
Abhinay Erra
Giga Sage

‎11-03-2016 11:54 AM

In order to give them the write access, you need to give field level access as you mentioned and also table level access too.


View solution in original post

0 Helpfuls
5 REPLIES 5

Go to solution
Abhinay Erra
Giga Sage

‎11-03-2016 11:54 AM

In order to give them the write access, you need to give field level access as you mentioned and also table level access too.


0 Helpfuls

Go to solution
User163016
Tera Contributor
In response to Abhinay Erra

‎11-03-2016 02:06 PM

Thanks Abhinay/Balaji.



I went back and confirmed the ACL that gives sd_analyst role table level write access and created an ACL that gives the sd_analyst write access to the u_peoplesoft_id field.   I tried again and it failed.   I also noticed there is another ACL that is failing as well and the field level ACL isn't getting evaluated.


find_real_file.png



The following are the two ACLs that are causing the failure:


find_real_file.png



find_real_file.png


Preview file
33 KB
Preview file
78 KB
Preview file
110 KB
0 Helpfuls

Go to solution
BALAJI40
Mega Sage

‎11-03-2016 11:57 AM

Hi chad,



To write to records on any table the following must apply:


user has the admin role


OR


glide.sm.default_mode = allow which allows access to all tables in the absence of any other security rules (ACLs




The above mentioned points applicable to admin role, because they can access to all the tables. so its not the failing case.



first create acl for   table level and then create field level, then it will work.



provide the screen shot for the write access you created


0 Helpfuls

Go to solution
User163016
Tera Contributor
In response to BALAJI40

‎11-03-2016 02:24 PM

Hi Balaji,



Here is a screenshot of the field level ACL I created:


find_real_file.png



If I'm understanding the process order, field level ACL should be evaluated first so I agree that the ACL I mentioned as the issue above shouldn't be causing problems but according to debugging it is.



Thanks,


Preview file
77 KB
0 Helpfuls