Access Control Debugging - Inconsistent Behavior

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-16-2022 11:33 AM
I wanted to better understand Access Controls and what happens when various conditions are Not satisfied...
I created a brand new table called "plant" (u_plant), and created some records. Then I turned on debugging and tried accessing the table by impersonating a user who does NOT have the u_plant_user role. As expected, the user is unable to see any of the records in the table, and a message is displayed which says "Security constraints prevent access to the requested page", as you can see below.
But I am getting EXTREMELY inconsistent behavior in the Access Control messages which are displayed. There seem to be at least 4 different behaviors:
1) I get just a few Access Control messages displayed at the bottom of the page, and I see the one I expect, with a red X next to it, that says "ui_page/u_plant_list/read". This is great, but happens only RARELY, and I can't figure out when.
2) I get the expected message, as you can see in the screenshot below, but the Access Control PASSED, and is green, even though no records are displayed and the "Security constraints" message is displayed at the top of the page.
3) I get many Access Control messages, including some from tables I don't even expect to see, and I can't find the message I'm looking for at all.
4) I get a HUGE number of Access Control messages, like 50 pages worth, and again, I still do not see the message I expect.
So I guess my question is... What can I do to get much more consistent behavior when debugging Access Controls? And have others run into this? Thanks!!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-27-2022 05:02 PM
If you click on the blue link, it takes you the OOB ui_page read ACL that grants all internal users to access the UI Pages without any restriction. So all this is saying so far is you have access to the ui_page that lists all the records of the table but there are more ACL checks to occur, specifically table ACLs and field ACLs.
In your instance, what is the value configured for the system property "glide.sm.default_mode"?
Do you have and ACLs defined for u_plant?

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-28-2022 03:58 AM

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-28-2022 04:00 AM
Update 02/28/2022. I entered a support case for this issue, the inconsistent behavior of the security debug messages appearing at the bottom of the form, and a ServiceNow technician was able to reproduce the issue. It's currently sitting in the Developer's queue for someone to look at, but they have not yet created a Problem record. Thanks all...