
08-31-2022 01:55 AM
Hi
I created this Read ACL on sys_user field email.
I put a simple condition of if email does not contain
However, it just hides it everywhere now, even if the condition is not met...

08-31-2022 02:10 AM
Yes, by adding a new ACL for a field, you're basically masking whatever the more generic ACLs were allowing earlier.
SN will check ACLs from most specific to most generic, so it will first check your ACL to say if a user can access the field or not. Your ACL basically now says "only allow to see the email field if the User has "sn_hr_core.case_writer" role AND the field does not contain
which probably is not quite what you meant.
To mitigate this you need another ACL for the same field, saying if email DOES contain @1234, allow roles X, Y, Z to see it (you need to figure out which roles should then see this field).
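
The masking described in the answer above, as an added example that is not part of the original thread and is not ServiceNow code: a simplified JavaScript model of most-specific-first matching for a field read ACL. The matching rules in `canRead`, the role names `generic_role` and `role_x`, and the sample records are assumptions made for illustration; parent-table ACLs and the separate table-level check are left out.

```javascript
// Added illustration: a simplified model of field read-ACL matching, not ServiceNow code.
// Assumptions: the most specific name that has any rule decides; within that name a
// user passes if ANY one rule passes; a rule passes when role AND condition both hold.
const levels = (table, field) => [`${table}.${field}`, `*.${field}`, `${table}.*`, '*.*'];

function canRead(acls, user, table, field, record) {
  for (const name of levels(table, field)) {
    const rules = acls.filter((a) => a.name === name);
    if (rules.length === 0) continue; // no rule here: fall back to a more generic name
    return rules.some((a) =>
      a.roles.some((r) => user.roles.includes(r)) && a.condition(record));
  }
  return false; // assumed default deny when nothing matches
}

// Constructed sample data. 'generic_role' and 'role_x' are hypothetical role names.
const genericAcl = { name: 'sys_user.*', roles: ['generic_role'], condition: () => true };
const newFieldAcl = {
  name: 'sys_user.email',
  roles: ['sn_hr_core.case_writer'],
  condition: (rec) => !rec.email.includes('@1234'),
};
const secondFieldAcl = {
  name: 'sys_user.email',
  roles: ['role_x'],
  condition: (rec) => rec.email.includes('@1234'),
};

const hrWriter = { roles: ['sn_hr_core.case_writer'] };
const otherUser = { roles: ['generic_role', 'role_x'] };
const plain = { email: 'alice@example.com' };   // constructed record
const tagged = { email: 'bob@1234.example' };   // constructed record

function emailVisible(acls, user, record) {
  return canRead(acls, user, 'sys_user', 'email', record);
}

const before = [genericAcl];                               // only the generic ACL
const masked = [genericAcl, newFieldAcl];                  // the question's new field ACL
const withSecond = [genericAcl, newFieldAcl, secondFieldAcl]; // plus the answer's second ACL

console.log('generic only, other user:', emailVisible(before, otherUser, plain));
console.log('field ACL added, other user:', emailVisible(masked, otherUser, plain));
console.log('field ACL added, HR writer:', emailVisible(masked, hrWriter, plain));
console.log('second ACL, other user on @1234:', emailVisible(withSecond, otherUser, tagged));
```

In this model the second ACL only restores access for `role_x` on records whose email contains @1234; every other case is still decided by the rules that exist at the `sys_user.email` level.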
