Condition not evaluated in ACL

edgar_evangelis
Tera Contributor

Hi,

We are trying to restrict read access for certain fields to a group for records assigned to them. All other users should not see the fields.

What I have done is create read access for the fields with required role (role assigned to the group) and used condition. When I tried testing it, it seems like the ACL did not use the condition to evaluate. In other words, the ACL is applied to all the records.



stefan_ojeblom
ServiceNow Employee

Hi Edgar,

ACLs protect the information in your tables on three levels:

- Table
- Record
- Field

There are three conditions to pass for each ACL record:

- A role
- A condition builder condition (fields depend on the table you are attaching the ACL to)
- A JavaScript script that returns a true or false value

If any of those conditions returns false, access is denied.

However, if any other ACL defined at the same level returns true, access is allowed (it's inclusive).

There's a field assisting you when developing ACLs.


Bharath Padaki
ServiceNow Employee

Hi Edgar,

Not sure if your issue has been resolved or not, but I see an issue with your condition. What you have is Assignment Group STARTSWITH <name of the group>. This field is a reference and generally looks for a sys_id reference. You might want to extend your condition by:

1. Select "Show Related Fields"
2. Select Assignment Group -> Fields
3. Select Name

The condition should look like "Assignment Group.Name STARTSWITH <name of the group>".

Hope that helps.

Cheers,
Bharath Padaki


Pramod Vaidya
Kilo Expert

While testing with the Admin role by impersonating, the below condition will always return true irrespective of the Admin Override flag.

Snippet from the wiki for ACLs; check the second paragraph:

Admin Overrides: Select this check box to have users with the admin role automatically pass the permissions check for this ACL rule, regardless of what script or role restrictions would apply. However, the nobody role takes precedence over the admin override option, so even admins cannot have access if they are assigned the nobody role.

Clear this check box if administrators must meet the permissions defined in this ACL rule to gain access to the secured object. Since administrators will always pass role checks (see the description of the Requires role field), use the condition builder or Script field to create a permissions check that administrators must pass.

You have two options: either log in directly as a user who has the "second level finland" role, or move this to the Script section.
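The following is an added example, not code from any of the replies above and not ServiceNow's own evaluation engine. It models the rules Stefan describes (role, condition and script must all pass for one ACL; any passing ACL at the same level grants access) together with the Admin Overrides and nobody-role behaviour in the wiki text Pramod quotes, and shows why an admin impersonation test passes the field ACL when the override is set but fails it when the script actually checks group membership. The user and record objects, the `evaluateAcl`/`userCanRead` functions, the role name `second_level_finland` and the group sys_ids are all constructed for this illustration.

```javascript
// Added example: a small offline model of field-level read ACL evaluation,
// following the rules stated in the thread. Everything here (user and record
// shapes, helper names, sample sys_ids) is constructed for illustration.

// Constructed users: name, roles, and group memberships (by group sys_id).
function makeUser(name, roles, groups) {
  return { name: name, roles: roles, groups: groups };
}

function hasRole(user, role) {
  return user.roles.indexOf(role) !== -1;
}

// Stands in for gs.getUser().isMemberOf(group) inside an ACL script.
function isMemberOf(user, groupSysId) {
  return user.groups.indexOf(groupSysId) !== -1;
}

// Evaluate a single ACL: { role, adminOverrides, condition, script }.
// condition(record) and script(user, record) are optional and return booleans.
function evaluateAcl(acl, user, record) {
  // The nobody role takes precedence over everything, including Admin Overrides.
  if (hasRole(user, 'nobody')) return false;
  // With Admin Overrides set, admins skip the role, condition and script checks.
  // This is why impersonating an admin is a misleading test of the ACL.
  if (acl.adminOverrides && hasRole(user, 'admin')) return true;
  // Role check: administrators always pass role checks.
  if (acl.role && !hasRole(user, acl.role) && !hasRole(user, 'admin')) return false;
  // Condition builder check.
  if (acl.condition && !acl.condition(record)) return false;
  // Script check.
  if (acl.script && !acl.script(user, record)) return false;
  return true;
}

// ACLs at one level are inclusive: access is granted if any one of them passes.
function userCanRead(acls, user, record) {
  return acls.some(function (acl) { return evaluateAcl(acl, user, record); });
}

// Constructed placeholder sys_ids for two assignment groups.
const FINLAND_GROUP_SYS_ID = 'placeholder_sys_id_finland';
const OTHER_GROUP_SYS_ID = 'placeholder_sys_id_other';

// The field read ACL as Pramod suggests building it: a role plus a script that
// checks the user's membership in the record's assignment group. Admin
// Overrides is cleared so admins must pass the script too.
const fieldReadAcls = [
  {
    role: 'second_level_finland',
    adminOverrides: false,
    condition: null,
    script: function (user, record) {
      return isMemberOf(user, record.assignment_group);
    }
  }
];

// The same ACL with Admin Overrides set: admins pass without running the script.
const aclWithAdminOverride = Object.assign({}, fieldReadAcls[0], { adminOverrides: true });

// Bharath's variant: a condition-builder check on the dotted field
// Assignment Group.Name STARTSWITH <group name>, with no script.
const dottedConditionAcl = {
  role: 'second_level_finland',
  adminOverrides: false,
  condition: function (record) {
    return record.assignment_group_name.indexOf('Second Level Finland') === 0;
  },
  script: null
};

// Constructed users and records.
const finlandAgent = makeUser('finland agent', ['itil', 'second_level_finland'], [FINLAND_GROUP_SYS_ID]);
const otherAgent = makeUser('other agent', ['itil'], [OTHER_GROUP_SYS_ID]);
const admin = makeUser('admin', ['admin'], []);
const lockedAdmin = makeUser('locked admin', ['admin', 'nobody'], []);

const finlandIncident = {
  number: 'INC0000001',
  assignment_group: FINLAND_GROUP_SYS_ID,
  assignment_group_name: 'Second Level Finland'
};
const otherIncident = {
  number: 'INC0000002',
  assignment_group: OTHER_GROUP_SYS_ID,
  assignment_group_name: 'Second Level Sweden'
};

// Summary of who can read the restricted fields on the Finland record.
function demo() {
  return {
    finlandAgent: userCanRead(fieldReadAcls, finlandAgent, finlandIncident),
    otherAgent: userCanRead(fieldReadAcls, otherAgent, finlandIncident),
    adminNoOverride: userCanRead(fieldReadAcls, admin, finlandIncident),
    adminWithOverride: userCanRead([aclWithAdminOverride], admin, finlandIncident)
  };
}

console.log(demo());
```

In an instance the `script` slot corresponds to the ACL's Script field, where the membership check would be written against `current` (for example `gs.getUser().isMemberOf(current.getValue('assignment_group'))`). The model shows the testing trap: with Admin Overrides set, the admin reads the Finland record's fields regardless of the script, so only a user who actually holds the role (or an admin with the override cleared) exercises the membership check.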