Hello,
I have a field in a custom scope on the sn_employee_profile table. I created a role based "Allow if" Read ACL for that field (sn_employee_profile.x_abc_scopename_fieldname). If a user has the sn_employee.admin role, then the ACL works fine, but without it, the field level ACL doesn't get a chance to evaluate. The table level "allow if" and "deny unless" rules pass, but Access Analyzer shows the field level ACL is skipped and Read access is denied. What might be blocking the Custom Scope ACL from evaluating for non-employee-admin users?
Here's a list of things I've tried:
- Creating a new row level and sn_employee_profile.* ACL in the Employee Profile scope
- Creating a new row level ACL in the custom scope
- Using Access Analyzer and Debug Security to try to find some hidden ACL or Business rule.
- Simplify the field level ACL to just require snc_internal
