Access Control List Rule Order of Execution

Kyle Krick
Giga Contributor

I'm trying to make a custom Access Control on the Requested Item table (sc_req_item) for a specific catalog item. We have a request item that stores sensitive information that should only be accessible to members of the assignment group, the submitter or members of the watch list.

My issue is that the ACL is not being evaluated because there are other matching ACLs that are more general than mine and they get evaluated before mine. I see no way for me to specify an order of evaluation. Is there a way to do so?

Perhaps I should use something other than an ACL?

Brad Bowman
Kilo Patron

Hi Kyle,

ACL is definitely the only way to go for this. It's not about order; rather, if more than one rule is in conflict, the more general one wins. What you have to do when you introduce a new rule is change the more general one - via roles, conditions, and/or script - to account for the existence of the new one and not override it. If you want to post the definition of the rules in question I can try to help figure out how to make it work. Often with ACLs it's all about trial and error until all of your test cases work.

IbrahimVali
Tera Guru

Please follow the steps below to achieve this functionality:

1. Login as Admin and Create a simple role, u_new_role

2. Activate Elevate role by checking security_admin role

3. Navigate to table which you would like to write ACL (I think, you need to write here 'sc_cat_item')

4. Click on "New" button in Access Controls related List

5. Provide the below field values:

Type = record, Operation = Write, Name = Select table and select * [to see all the fields], in the required roles section = give the role already created, Advanced = Check,

Script = Here you need to give your conditions

if user has role Manager or Requested user, then only to show.

6. Submit ACL

7. Now login with Requested users and Managers to see your changes 

Please mark as Correct Answer, if this helps. 

Thanks,
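
A script condition of the kind the replies above describe, for use in the Script field of the rule on sc_req_item (an added example, not code from any poster in this thread). It assumes the submitter is stored in `opened_by`; `SENSITIVE_ITEM_SYS_ID`, `canAccessRequestedItem`, `mockGs` and `sampleItem` are hypothetical names, and the sys_id is a placeholder to replace.

```javascript
// Placeholder: replace with the sys_id of the sensitive catalog item.
var SENSITIVE_ITEM_SYS_ID = 'REPLACE_WITH_CATALOG_ITEM_SYS_ID';

// Returns true when the current user may access the sc_req_item record.
// `current` is the record being checked, `gs` is GlideSystem.
function canAccessRequestedItem(current, gs) {
    // Other catalog items: this script adds no restriction of its own.
    if ((current.cat_item + '') !== SENSITIVE_ITEM_SYS_ID) {
        return true;
    }
    var userId = gs.getUserID() + '';

    // Submitter (assumption: the opened_by field holds the submitter).
    if ((current.opened_by + '') === userId) {
        return true;
    }
    // watch_list is stored as a comma-separated list of entries.
    var watchers = (current.watch_list + '').split(',');
    for (var i = 0; i < watchers.length; i++) {
        if (watchers[i].trim() === userId) {
            return true;
        }
    }
    // Member of the record's assignment group.
    var group = current.assignment_group + '';
    return group !== '' && gs.getUser().isMemberOf(group);
}

// In the ACL's Script field:  answer = canAccessRequestedItem(current, gs);

// Constructed stand-ins for `current` and `gs`, so the logic can be
// exercised outside an instance. All ids below are made up.
function mockGs(userId, groups) {
    return {
        getUserID: function () { return userId; },
        getUser: function () {
            return { isMemberOf: function (g) { return groups.indexOf(g) !== -1; } };
        }
    };
}
var sampleItem = {
    cat_item: SENSITIVE_ITEM_SYS_ID,
    opened_by: 'u_alice',
    watch_list: 'u_bob, u_carol',
    assignment_group: 'g_hr'
};
```

The same function can be called from the more general rule's script so that the general rule stops granting access to the sensitive item.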

SAI VENKATESH
Tera Sage

Hi,

ACL ------------> Access Control Lists

When we create an application, by default 4 access control lists are created:

1) create

2) write

3) delete

4) update

ACLs can be applied on tables and fields.

The order of execution is to first check the table ACLs and then the field ACLs.

If both table and field ACLs evaluate to true, then the ACLs will be applied on tables and fields.

Thanks and regards

Sure Sai Venkatesh

Murthy Ch
Giga Sage

Hi @Kyle Krick 

ACL is the right way to do this, and there is no need to provide an order either.

Thanks,

Murthy

 
