Questions on ACL

Go to solution
Shaik22
Tera Expert

‎08-13-2023 11:51 PM

Hello,

 

Please provide answers of below questions.

 

1.What is the execution order of checking ACL(Field or Table)?Which one will execute first?

2.What happened if there are multiple ACL that provide access true and false(one should be satisfy)?

3.How to restrict/Allow few table accesses for a group of people?

4.Why do we use domain seperation if we have ACL?

5.Can you please provide real time script based ACL?

0 Helpfuls
  • 2,035 Views
1 ACCEPTED SOLUTION

Go to solution
Sandeep Rajput
Tera Patron
Tera Patron

‎08-14-2023 01:02 AM

@Shaik22 Here are few cents from my side.

1. A Table level ACL will execute first among a table level and field level ACL

2. If multiple ACLs are defined for the same operation (read/write/create/delete) and object (table/page/script include) then at least one of the ACLs need to pass to provide access to the object.

3. There are multiple ways to provide access of a table to a group of people, you can choose to create a specific role to allow access to a specific table, that custom role can be assigned to a group and that custom role should be added in the ACL's role list. 

 

Another way is to check if a user is a member of a specific group using the condition builder or a script and then return true if the above condition is true.

 

4. Domain separation is a feature used in multi-tenant environment where the data of different tenants needs to be kept separated from other tenants. Each tenants can have their own users and groups this logical separation of data would be a nightmare to handle via ACLs.

6. Here is an example of a scripted ACL.

Screenshot 2023-08-14 at 1.32.25 PM.png

 

Hope this helps.

View solution in original post

3 REPLIES 3

Go to solution
Maik Skoddow
Tera Patron
Tera Patron

‎08-14-2023 12:03 AM

Hi

please split your post and create individual question posts

Maik

0 Helpfuls

Go to solution
Shaik22
Tera Expert
In response to Maik Skoddow

‎08-14-2023 12:04 AM

If i create individual post it is difficult for me.

0 Helpfuls

Go to solution
Sandeep Rajput
Tera Patron
Tera Patron

‎08-14-2023 01:02 AM

@Shaik22 Here are few cents from my side.

1. A Table level ACL will execute first among a table level and field level ACL

2. If multiple ACLs are defined for the same operation (read/write/create/delete) and object (table/page/script include) then at least one of the ACLs need to pass to provide access to the object.

3. There are multiple ways to provide access of a table to a group of people, you can choose to create a specific role to allow access to a specific table, that custom role can be assigned to a group and that custom role should be added in the ACL's role list. 

 

Another way is to check if a user is a member of a specific group using the condition builder or a script and then return true if the above condition is true.

 

4. Domain separation is a feature used in multi-tenant environment where the data of different tenants needs to be kept separated from other tenants. Each tenants can have their own users and groups this logical separation of data would be a nightmare to handle via ACLs.

6. Here is an example of a scripted ACL.

Screenshot 2023-08-14 at 1.32.25 PM.png

 

Hope this helps.