ACL on parent and child table work

Go to solution
Kohei4
Giga Expert

‎12-26-2019 04:05 AM

Hi

Please let me confirm how acl rules work configured on parent and child tables.

There is a create acl rule (A) on the parent table which requires 'parent table user role' and there is another rule (B) on the child one which requires 'child table user role'.

When a user with the parent table user role and without it for child table try to create records on the Child table, user cannot do that because the acl rule B deny the access to child table. Is my understanding right?

Now I am troubleshooting the issue that a user with import_admin role can create records on a table extended from sys_import_set_row table that should not be accessed.

I wonder if import_admin can override any acls for all tables extended from the sys_import_set_table...

The reason the user has the import_admin role is than the user need to import excel file for other tables on another application.

0 Helpfuls
  • 7,208 Views
1 ACCEPTED SOLUTION

Go to solution
Mandeep Karan
Tera Guru

‎12-26-2019 06:26 AM

When a user with the parent table user role and without it for child table try to create records on the Child table, user cannot do that because the acl rule B deny the access to child table. Is my understanding right? --> Yes your understanding is correct. 

if ACL on child table is defined then parent ACL will be masked with child's one and all priority will be given to child's ACL.

You can refer the below image for sequence of evaluation:

find_real_file.png

View solution in original post

Preview file
533 KB
10 REPLIES 10

Go to solution
Mandeep Karan
Tera Guru
In response to Mandeep Karan

‎12-27-2019 12:38 AM

Here is an example

Table Xipher is extended from import set row

Create ACL on Xipher table:

find_real_file.png

User with Import Admin Role:

find_real_file.png

New Button missing

find_real_file.png

Now User with Itil role:

find_real_file.png

 

Note: In order to access extended table user must have both roles:(import_admin & role specific to extended table)

find_real_file.png

 

Regards,

Mandeep

Preview file
59 KB
Preview file
30 KB
Preview file
44 KB
Preview file
9 KB
Preview file
27 KB
Preview file
83 KB
0 Helpfuls

Go to solution
Mandeep Karan
Tera Guru
In response to Kohei4

‎12-27-2019 12:40 AM

Solution: Please also add import_admin role for test user as the user needs access on the extended table and also the extending table

0 Helpfuls

Go to solution
Mandeep Karan
Tera Guru
In response to Mandeep Karan

‎12-31-2019 01:13 AM

Any luck? Have you tried the above solution?

If it resolves your issue please mark the answer as correct and helpful.

Regards,

Mandeep

0 Helpfuls

Go to solution
Kohei4
Giga Expert
In response to Mandeep Karan

‎01-05-2020 06:56 PM

Hi, Mandeepkran

 

Thank you for your help but I'm still struglling with this issue.

Confirmed that ACL is created with None level and not only "Create" ACL but also "Read", "Write" and "Delete" ACLs is there (I assume this is the default acls created when this table was created).

Do you know the case user can create records without the necessary role?

 

Kohei

0 Helpfuls

Go to solution
Mandeep Karan
Tera Guru
In response to Kohei4

‎01-09-2020 06:30 AM

If table provides access to snc_internal or public roles then only anyone can create records.

Else, you can also use record producer to create records on table.

 

Have you checked if your user is having both roles, import_admin and the role specific to table.

 

Regards,

Mandeep

0 Helpfuls