Part of the query on sys_choice has been ignored because of insufficient access for 'query_match'

CharlieNZ
Tera Contributor

I hope this is the right place for this.

We have a user that has started getting these on each Incident they view:

Part of the query on sys_choice has been ignored because of insufficient access for 'query_match' operation on sys_choice.name
Part of the query on sys_choice has been ignored because of insufficient access for 'query_match' operation on sys_choice.inactive
Part of the query on sys_choice has been ignored because of insufficient access for 'query_match' operation on sys_choice.dependent_value
Part of the query on sys_choice has been ignored because of insufficient access for 'query_match' operation on sys_choice.element


 

We haven't made any changes to their account. The issue wasn't there a week ago. 

 

 

1 ACCEPTED SOLUTION

Hello @CharlieNZ 
My investigation showed that, in fact, users didn't have read access to the field specified in the error message, as visible in the screenshot below. All of that is due to all the sys_choice.* ACLs.

KonradMlodzik_0-1747728382087.png
My approach from here was to create a sys_choice ACL for each of the fields that were prompted in the error message, so in my case sys_choice.element and sys_choice.dependent_value.
I made them similar to the existing read ACL sys_choice.label.
Here is an overview of how I created that ACL:

KonradMlodzik_2-1747728919662.png


And as you can see here, now in Access Analyzer, access is evaluated to true.

KonradMlodzik_1-1747728858696.png

Try this approach with at least one of the fields from sys_choice that you have mentioned in your error messages and see if the error still occurs. For me that works.

If you can, please mark this as helpful and as having resolved your issue, so that it can help others visiting this thread 🙂

 

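Added example (not part of the original thread and not ServiceNow code): a small Node.js script that parses the warning text quoted in the question and lists the distinct operation and table.field pairs, which are the field ACL names the accepted answer checks in Access Analyzer. The sample lines are constructed from the messages in this thread, and the function names are hypothetical.

```javascript
// Matches the warning format quoted in this thread. The trailing
// "operation on <table>.<field>" part is optional because the thread
// title shows the message cut off after the operation name.
const MESSAGE_RE =
  /^Part of the query on (\w+) has been ignored because of insufficient access for '(\w+)'(?: operation on (\w+)\.(\w+))?\s*$/;

// Constructed sample: the four messages from the question, one repeated,
// the truncated title form, and an unrelated line.
const PREFIX = "Part of the query on sys_choice has been ignored because of insufficient access for 'query_match'";
const SAMPLE_LINES = [
  `${PREFIX} operation on sys_choice.name`,
  `${PREFIX} operation on sys_choice.inactive`,
  `${PREFIX} operation on sys_choice.dependent_value`,
  `${PREFIX} operation on sys_choice.element`,
  `${PREFIX} operation on sys_choice.element`,
  PREFIX,
  "Incident form loaded",
];

// Returns {table, operation, aclName} or null if the line is not this warning.
// aclName is null when the message was truncated before the field name.
function parseDeniedQueryMessage(line) {
  const m = MESSAGE_RE.exec(line.trim());
  if (!m) return null;
  const [, table, operation, fieldTable, field] = m;
  return { table, operation, aclName: field ? `${fieldTable}.${field}` : null };
}

// Groups warnings into distinct (operation, field ACL name) pairs with counts.
function summarizeDenials(lines) {
  const byKey = new Map();
  let truncated = 0;
  for (const line of lines) {
    const hit = parseDeniedQueryMessage(line);
    if (!hit) continue;                       // unrelated line
    if (!hit.aclName) { truncated++; continue; } // field name missing
    const key = `${hit.operation}|${hit.aclName}`;
    const entry = byKey.get(key) || { operation: hit.operation, aclName: hit.aclName, count: 0 };
    entry.count++;
    byKey.set(key, entry);
  }
  const denials = [...byKey.values()].sort((a, b) => a.aclName.localeCompare(b.aclName));
  return { denials, truncated };
}

console.log(summarizeDenials(SAMPLE_LINES));
```
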

12 REPLIES

phgdet
Mega Sage

Hi @CharlieNZ
There is an article that has quite the same error message you got. Maybe you need to update this property.

Name: glide.db.encoded_query.field_acl_error_msg

Type: true | false

Value: false

CharlieNZ
Tera Contributor

Thanks, this has hidden the messages. 

Robert H
Mega Sage

Hello @CharlieNZ ,

 

Please check the ACLs on your instance. "query_match" is a new type of ACL that allows fine tuning what kind of queries users can perform.

 


 

Based on the error message, you seem to have such an ACL configured for the sys_choice table. So you would have to review the roles/conditions/scripts in that ACL to find out why that particular user does not get matched by that ACL, and then either adjust the user's roles, or the ACL, or create an additional ACL with criteria that would let that user pass.

 

More details here.

 

Regards,

Robert

When I look under ACL for query_match Operations, there is one listed:

CharlieNZ_0-1747690193816.png

CharlieNZ_1-1747690518705.png

 

 

Looking at the sys_choice table, there are no query_match operations listed.

CharlieNZ_2-1747690570884.png