Can ACL be overridden ?

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎02-06-2015 01:58 AM
Hi All,
In our project, we have written an ACL for allowing permission to edit all variables in the problem when the state is not Resolved, cancelled or closed. Now we have a requirement that we need to give access to edit a single field even after Resolved state. I tried by writing another Field ACL but it does not work. Since Field ACL will work first and later the table ACL will work. Can anyone help me for this ?
Regards,
Ajai

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎02-06-2015 07:21 AM
It is also not working for me
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎02-06-2015 07:30 AM
I dont' beleive this is correct.. if i am not mistaken you need access from BOTH the table level AND the field level...
so the required solution would be to get rid of the table level rule that blocks access...
create a Field level rule with an * for the field that blocks access to all fields... then create a field level rule for that one field that allows access...
since it got a block and a read at the SAME level <field level> it will allow it... as long as there is no table level block
so in short acl's at the same level are LEAST restrictive... acl's at different levels are MOST restrictive..... hope that makes sense.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎02-06-2015 07:36 AM
4.1.1 Field ACL Rules
Field ACL rules are processed in the following order:
- Match the table and field name. For example, incident.number.
- Match the parent table and field name. For example, task.number.
- Match any table (wildcard) and field name. For example, *.number.
- Match the table and any field (wildcard). For example, incident.*.
- Match the parent table and any field (wildcard). For example, task.*.
- Match any table (wildcard) and any field (wildcard). For example, *.*.
The first successful evaluation stops ACL rule processing at the field level. This means that when a user passes a field ACL rule, the system stops searching for matching field ACL rules. The user must also pass the table ACL rules to be granted access to the record object. For example, if a user passes the field ACL rule for incident.number, the system stops searching for rules that secure the Number field. The user must then pass the table ACL rules on incident to see the Number field.
4.1.2 Table ACL Rules
In most cases there is not an individual field ACL rule for every field in the table the users is trying to access. If no field ACL rule matches the record object, the user must pass the table ACL rule. Since the base system includes wildcard table ACL rules that match every table, the user must always pass at least one table ACL rule. The base system provides additional table ACL rules to control access to specific tables.Table ACL rules are processed in the following order:
- Match the table name. For example, incident.
- Match the parent table name. For example, task.
- Match any table name (wildcard). For example, *.
Just like with field ACL rules, the system grants the user access to the record object secured by the ACL rule and stops searching for matching ACL rules the first time a user passes a table ACL rule's permissions. A user who passes the table ACL rule for incident has access to all fields in the Incident table. A user who passes the table ACL rule for task has access to all fields in the Task table as well as the fields in extended tables. A user who passes the table ACL rule for any table has access to all fields in all tables.

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎02-06-2015 07:53 AM
Actually in table level, I am restricting users from editing all fields when state of 'problem' is resolved or closed.
Now I want to give access to edit only one field in the problem even the state is resolved or closed

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎02-06-2015 08:20 AM
If the user has no access on table, how can he access the field ? Table access must be there for field level restriction to work