ACL on parent and child table work

Kohei4
Giga Expert

Hi

Please let me confirm how ACL rules configured on parent and child tables work.

There is a create ACL rule (A) on the parent table which requires 'parent table user role', and there is another rule (B) on the child one which requires 'child table user role'.

When a user with the parent table user role and without the one for the child table tries to create records on the child table, the user cannot do that because ACL rule B denies access to the child table. Is my understanding right?

Now I am troubleshooting an issue where a user with the import_admin role can create records on a table extended from the sys_import_set_row table that should not be accessed.

I wonder if import_admin can override any acls for all tables extended from the sys_import_set_table...

The reason the user has the import_admin role is that the user needs to import an Excel file for other tables in another application.

1 ACCEPTED SOLUTION

Mandeep Karan
Tera Guru

When a user with the parent table user role and without the one for the child table tries to create records on the child table, the user cannot do that because ACL rule B denies access to the child table. Is my understanding right? --> Yes, your understanding is correct.

If an ACL on the child table is defined, then the parent ACL will be masked by the child's one and all priority will be given to the child's ACL.

You can refer to the image below for the sequence of evaluation:

find_real_file.png

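As an added illustration (not code from this thread and not ServiceNow code), the JavaScript below models the table-level precedence described in the accepted answer: the most specific table that has a rule for the operation decides, and the parent's rule is only consulted when the child has none. The table names, role names and rule sets are constructed, and treating any one passing rule at a level as sufficient is an assumption of the model.

```javascript
// Simplified model of table-level ACL precedence (not ServiceNow code).
// Table names, role names and rule sets are constructed for illustration.
const PARENT_OF = { child_table: "parent_table" }; // child extends parent

// Walk from the table up through its parents, then the wildcard (*), and
// return the first level that has at least one rule for the operation.
function matchingRules(acls, table, operation) {
  const chain = [];
  for (let t = table; t; t = PARENT_OF[t]) chain.push(t);
  chain.push("*");
  for (const name of chain) {
    const rules = acls.filter(r => r.table === name && r.operation === operation);
    if (rules.length > 0) return { level: name, rules };
  }
  return null;
}

// Returns { level, allowed }, or null when no rule matches at any level
// (the outcome then depends on the instance default, which is not modelled).
function canDo(acls, table, operation, userRoles) {
  const match = matchingRules(acls, table, operation);
  if (!match) return null;
  // Assumption: passing any one rule at the matched level is enough.
  const allowed = match.rules.some(r =>
    r.roles.some(role => userRoles.includes(role)));
  return { level: match.level, allowed };
}

// Rule A and rule B from the question, with constructed role identifiers.
const ruleA = { table: "parent_table", operation: "create", roles: ["parent_table_user"] };
const ruleB = { table: "child_table", operation: "create", roles: ["child_table_user"] };
const user = ["parent_table_user"]; // has the parent role only

// Both rules present: rule B on the child decides, rule A is never consulted.
const withChildRule = canDo([ruleA, ruleB], "child_table", "create", user);
// Rule B missing or inactive: evaluation falls through to rule A on the parent.
const withoutChildRule = canDo([ruleA], "child_table", "create", user);

console.log(withChildRule);    // { level: 'child_table', allowed: false }
console.log(withoutChildRule); // { level: 'parent_table', allowed: true }
```

The `level` field shows which table's rule made the decision, which is the first thing to compare when the same roles behave differently in two instances.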

10 REPLIES 10


Thank you for your comment.

Umm.. I cannot understand why the user could create records on the child table...

I have already confirmed that by creating a test user with the same roles, and he cannot access the child table in the dev instance.

Do you have any good idea to troubleshoot this issue?

Can you share the ACLs created on the extended table?

Or can you confirm whether you have created an ACL for create permission at the none level?