Report view field ACL restricting access to report data
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-04-2024 07:41 PM
I configured a function field while creating a report for employee relations cases. The function field measures the datediff between two custom date fields on the sn_hr_er_case table.
I can view this function field in a list view of cases and can add the field to the case form and view it there as well. I tested this with regular ER case users and they see the information on the case form and list view.
However, if I set the report to a single score report, and try to use this function field to provide the average duration, I receive this message, Access to this content denied based on report_view field ACLs. My report and the function field are both created in the Human Resources: Employee Relations scope and the report is using the sn_hr_er_case table, which I can confirm this function field is on.
How do I resolve this so I can report on this new function field?
Thanks
John
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-04-2024 08:11 PM - edited 03-04-2024 08:11 PM
Hi @jrusso ,
In Rome and earlier, the system simply checks access to the function field itself (as with any other field). If the ACLs on that field allow access, the user receives the resulting value, regardless of whether the user has access to the contributing fields.
In Washington DC and later, the system also requires access to all contributing fields in order to allow access to the function field. If one or more of the contributing field ACLs refuse access, the function field also refuses access.
The only operations affected by the new requirement are read and report_view. Report_view has its own additional requirements.
| read operation | A user has read access to a function field only if both of the following are true:
|
| report_view operation | A user has report_view access to a function field only if all of the following are true:
|
Examples
- Table: salary
- Columns: base, bonus, total (all are Integers in this example)
- Function field: The total column is marked as a function field, with function definition glidefunction:add(base, bonus).
- Contributing fields: base and bonus, since they're used in the function definition
- Roles: salary_admin, bonus_admin
| total, base, bonus: read and report_view for role salary_admin, with no conditions or scripts | A user with the salary_admin role is granted read and report_view access to total because they have the required role. |
| A user with the salary_admin role is refused read and report_view access to total, because bonus refuses read access to their role. |
| A user with the salary_admin role is granted read access to total, because they have the required role for all fields. But the same user with the salary_admin is refused report_view access, because the read ACL with the script refuses access by default for this case, even though they have the required role. |
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-12-2024 11:55 AM
Hi @Sumanth16
Thanks for the details. I believe I am following the information. Myself as the Admin and the two main users for this report & dashboard all have read/write access to the Employee Relations table and the fields that are used in the function field. It seems that I need to allow us access to the new function field on the employee relations case table. Do I need to create a new ACL for that function field?
