Questions on ACL

Shaik22
Tera Expert

Hello,

Please provide answers to the questions below.

1. What is the execution order of checking ACLs (field or table)? Which one will execute first?

2. What happens if there are multiple ACLs that provide access true and false (one should be satisfied)?

3. How to restrict/allow access to a few tables for a group of people?

4. Why do we use domain separation if we have ACLs?

5. Can you please provide a real-time script-based ACL?

1 ACCEPTED SOLUTION

Sandeep Rajput
Tera Patron

@Shaik22 Here are a few cents from my side.

1. A table-level ACL will execute first among a table-level and a field-level ACL.

2. If multiple ACLs are defined for the same operation (read/write/create/delete) and object (table/page/script include), then at least one of the ACLs needs to pass to provide access to the object.

3. There are multiple ways to provide access to a table for a group of people. You can choose to create a specific role to allow access to a specific table; that custom role can be assigned to a group, and that custom role should be added to the ACL's role list.

Another way is to check if a user is a member of a specific group using the condition builder or a script and then return true if the above condition is true.

4. Domain separation is a feature used in a multi-tenant environment where the data of different tenants needs to be kept separated from other tenants. Each tenant can have its own users and groups; this logical separation of data would be a nightmare to handle via ACLs.

6. Here is an example of a scripted ACL.

[Image: Screenshot 2023-08-14 at 1.32.25 PM.png]

Hope this helps.
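
An added example, not part of the original answer and not ServiceNow's own code: a simplified JavaScript model of the evaluation order in points 1 and 2, using a scripted group-membership rule of the kind described in point 3. The table, field, role and group names are hypothetical, and the model assumes that a level with no rules denies access.

```javascript
// Simplified model of ACL evaluation (added example, not platform code).
// A single ACL rule passes only if its role, condition and script checks ALL pass.
function rulePasses(rule, user, record) {
  const roleOk = !rule.roles || rule.roles.length === 0 ||
    rule.roles.some((r) => user.roles.includes(r));
  const conditionOk = !rule.condition || rule.condition(record);
  // On the platform a scripted ACL sets `answer`; here the script returns it.
  const scriptOk = !rule.script || rule.script(user, record) === true;
  return roleOk && conditionOk && scriptOk;
}

// Among rules for the same object and operation, one passing rule is enough.
// Assumption: a level with no rules denies (default-deny).
function levelPasses(rules, user, record) {
  return rules.some((rule) => rulePasses(rule, user, record));
}

// Table-level rules are checked first; field-level rules only if the table passes.
function canAccessField(acls, table, field, operation, user, record) {
  const match = (name) => acls.filter((a) => a.name === name && a.operation === operation);
  if (!levelPasses(match(table), user, record)) return false;
  return levelPasses(match(`${table}.${field}`), user, record);
}

// Constructed sample data: every table, field, role and group name is hypothetical.
const acls = [
  { name: 'u_contract', operation: 'read', roles: ['u_contract_reader'] },
  { name: 'u_contract', operation: 'read',
    script: (user) => user.groups.includes('Legal') },
  { name: 'u_contract.u_value', operation: 'read',
    // Platform equivalent: answer = gs.getUser().isMemberOf('Legal') && current.u_state != 'draft';
    script: (user, rec) => user.groups.includes('Legal') && rec.u_state !== 'draft' },
];

const record = { u_state: 'active', u_value: 120000 };
const legalUser = { roles: [], groups: ['Legal'] };
const readerUser = { roles: ['u_contract_reader'], groups: [] };
const outsider = { roles: [], groups: [] };

function demo() {
  const check = (user, rec) => canAccessField(acls, 'u_contract', 'u_value', 'read', user, rec);
  return {
    legal: check(legalUser, record),        // passes table via script rule, then field rule
    reader: check(readerUser, record),      // passes table via role rule, fails field rule
    outsider: check(outsider, record),      // fails at table level, field never evaluated
    legalDraft: check(legalUser, { u_state: 'draft' }),
  };
}
```

The `reader` case is the one to watch when reviewing ACLs: a role that opens the table does not open a field that has its own stricter rule.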


3 REPLIES

Maik Skoddow
Tera Patron

Hi,

Please split your post and create individual question posts.

Maik

If I create individual posts it is difficult for me.
