How to create read only ACL for custom table?

evogel
Tera Contributor

Hello!

How to create read only ACL for custom table? This worked in the dev, but not the test instance.

To be specific:

  • A catalog request uses a variable that references this table.
  • The catalog request is open to any SN user that can log in.
  • All values in the table should be accessible with read-only permission to any user. Just a long list of available systems.
  • Only admins should create or modify.
  • Catalog item variable works in the dev instance, but not our test instance?

Steps taken:

  • Using elevated role security_admin.
  • Recreated the ACL on test.
  • Checked "Create access controls" and used 'user.'
  • Removed "user" role from the ACL with read operation.
  • Added an ACL record to read all table contents, and removed user role requirement from below.

This thread is closely related, but no resolution there either.

Same setup for Dev and Test

[screenshot]

ACL execution in Dev:

[screenshot]

ACL execution in Test:

[screenshot]

The additional ACL record created to just read, without role required.

[screenshot]

End result in Test. Dev shows all the choices while impersonating the same user (who has no roles assigned).

[screenshot]

What am I missing here?

1 ACCEPTED SOLUTION

Jaspal Singh
Mega Patron

Hi Edward,



Try changing it to None.

9 REPLIES

krr
Mega Guru

In case it's the same issue, this week I promoted an application from dev to prod and none of the ACLs restricted access in prod where they did in dev. Even ESS users with no role could read and edit.



I was testing via impersonation.



After an hour of pulling my hair out, I opened a Chrome Incognito window to test as a new session and logged in as my admin account. Impersonating another user then did properly restrict their access.



It appeared to mix my admin access in with the user I was impersonating in the non-incognito window.



Not sure if it is the same thing I ran into, but it sounds similar.


evogel
Tera Contributor

No fix. Tried logging in with dedicated Test User that has no roles assigned, on a different browser. Same effect.


kartik8
Kilo Contributor

Hi Edward,



For the "additional ACL record created to just read, without role required" part, can you create a table.none ACL instead of table.*?


evogel
Tera Contributor

No fix. Tried this and the list collector still shows no matches for results.