ACL vs business rule

rahulnagarajan
Kilo Contributor

For security reasons, what is best to be used? Shall I use an ACL to restrict the access or a business rule?

Pros and cons... or when to use what... Sorry, I am new; forgive me if I have not used the right terms here...

1 ACCEPTED SOLUTION

Hi Rahul,



Please check if the below helps.



1. Performance: Before query is better because the conditions/filters run at the initial database query level.


2. User Experience: Before query is better because you don't get the security message at the bottom of the list view saying "some records removed due to security", which might confuse the user.



Though ACL has its own advantages (for example, field-level restriction, etc.), Business Rule seems to be a better choice for your question.



Hope this helps. Mark the answer as correct/helpful based on impact.



Thanks


Antin


13 REPLIES

swati38
Tera Expert

ACL and BR are both server side, so they restrict the fields before the form is loaded.


BR can also restrict similar to ACL. ACLs are a little complex to work with, with a downward approach like table access, field access and both.


Anurag Tripathi
Mega Patron

You can actually use both. One major difference is that while using ACL it gives a message '20 rows are hidden for security reason'... something like that. But with business rules you won't get that. My personal preference is ACL, as the purpose of ACL is that only while BR is for different things, so your platform is more maintainable for the next person to follow.


-Anurag

Thanks!!!!



Any idea which performs well from a performance standpoint?


Good point:



Before query is highly preferable if you can use one. It makes the database do the work by modifying the query itself. With Contextual Security, your instance has to decide per record what a user can see after fetching them from the database.



With a before query rule, unavailable records are simply not there as far as the user is concerned. With Contextual Security they might get a list of 4 visible records, and the list might say 1 to 100 of 546 with a message at the bottom saying "96 records removed due to security constraints".



Copied from CapaJC


-Anurag
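
The difference the last reply describes, as an added example that is not part of the original thread and is not ServiceNow code: a small JavaScript model in which the same read rule is applied either per row after the fetch (ACL-style) or as a condition on the query itself (before-query style). The table contents, the `canRead` rule and all function names are constructed for illustration.

```javascript
const PAGE_SIZE = 100;

// Constructed sample table: 546 rows; every 25th row belongs to group "hr".
const TABLE = Array.from({ length: 546 }, (_, i) => ({
  id: i,
  group: i % 25 === 0 ? "hr" : "it",
}));

// Hypothetical access rule shared by both models: a user reads only their own group's rows.
const canRead = (user, row) => row.group === user.group;

// Stand-in for the database: apply the query conditions, then paginate.
function dbQuery(conditions, page) {
  const matched = TABLE.filter((row) => conditions.every((c) => c(row)));
  const start = page * PAGE_SIZE;
  return { total: matched.length, rows: matched.slice(start, start + PAGE_SIZE) };
}

// Model 1, ACL-style: the query is unrestricted and each fetched row is checked afterwards.
function listWithAcl(user, page) {
  const { total, rows } = dbQuery([], page);
  const visible = rows.filter((row) => canRead(user, row));
  return { total, visible, removed: rows.length - visible.length, perRowChecks: rows.length };
}

// Model 2, before-query style: the restriction becomes a query condition,
// so hidden rows never leave the database and nothing has to be removed later.
function listWithBeforeQuery(user, page) {
  const { total, rows } = dbQuery([(row) => canRead(user, row)], page);
  return { total, visible: rows, removed: 0, perRowChecks: 0 };
}

// Builds the list footer, including the removal message when rows were hidden.
function footer(result) {
  const msg = `${result.visible.length} shown, list total ${result.total}`;
  return result.removed > 0
    ? `${msg}, ${result.removed} records removed due to security constraints`
    : msg;
}

const user = { name: "constructed.user", group: "hr" };
console.log("ACL:         ", footer(listWithAcl(user, 0)));
console.log("Before query:", footer(listWithBeforeQuery(user, 0)));
```

The model covers row visibility only; field-level restriction, which the accepted answer names as an ACL advantage, is outside it.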