ACL - Arghhh. Make all fields read only, except for 2
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎12-14-2016 09:32 AM
Hello
I've done a lot with ACLs but for some reason having difficulty with what I would think should be a simple thing.
LOCATIONS (cmn_location table)
I want to:
Disallow write access to all fields except for 2 fields (Contact and a custom 'comments' field).
ITIL can basically read locations, but only an onboarding groups should be able to modify 'contact' and 'comments'.
For 'write' there's a 'cmn_locaton.*' that has no role attached; and cmn_location.u_comments and cmn_location.contact with the proper user role to allow them to edit. With this in place, the write is blocked by an out of box ACL. */write/record
If I use cmn_location/none with a specific role (admin only), all fields are still locked.
If I use cmn_location/none with Admin role AND cmn_location.*, all fields are still locked.
| * | write | record | true |
| cmn_location.* | write | record | true | glide.maint | 2016-12-14 11:25:39 | ||||
| Preview | cmn_location.u_comments | write | record | true | 016-12-14 11:17:13 | ||||
| Preview | cmn_location.contact | write | record | true | 2016-12-14 10:51:18 | ||||
| Preview | cmn_location.* | read | record | true | 2016-06-02 13:16:44 |
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎12-14-2016 10:26 AM
no worries at all took me a LOT of broken acl's to almost understand them....
i will emphasize that ANYTIME you mess with acl's you do EXTENSIVE testing in all roles even those you think won't be affected to ensure you are getting the desired results.. you can do SERIOUS damage by mistake with an acl...
