How do I prevent the "Rows removed by security constraint: x" Message from being displayed?

Go to solution
cybernetic_crab
Kilo Contributor

‎01-08-2018 05:05 AM

In this Knowledgebase article, the author recommends to build an On Before Query Business Rule to filter the records that should not be displayed, so the list renderer would not have to decide wether the record should be displayed. Now I don't fully understand how to code the script for this rule, as any Queries on the current GlideRecord object would trigger the Script to be run again.

The problem that I am facing is that we have to separate groups working on Security Incidents, and neither should have access to the other's data. After implementing the access restriction, the users now see the message "Rows removed by security constraint: x". What I would like them to see is their own data, without the message and any hidden rows. The current implementation is not user friendly:

find_real_file.png

Preview file
36 KB
0 Helpfuls
  • 7,393 Views
1 ACCEPTED SOLUTION

Go to solution
srikanthvk
Giga Expert
In response to cybernetic_crab

‎01-17-2018 01:44 AM

Hi Leon,



You can disable the ACL for a while, use filter to see the records as per your condition. Right click on the filter to copy query and use it as an encoded query in the query business rule.



Hope this helps.



Please Hit like, Helpful or Correct depending on the impact of the response



Thanks,


Srikanth Varma


View solution in original post

14 REPLIES 14

Go to solution
Chuck Tomasi
Tera Patron
In response to cybernetic_crab

‎01-09-2018 05:54 AM

Hi Leon,



Try a before query BR that simply does this...



current.canRead();


0 Helpfuls

Go to solution
cybernetic_crab
Kilo Contributor
In response to Chuck Tomasi

‎01-10-2018 04:38 AM

Hi Chuck,



I tried the solution you proposed, it didn't change the behavior.



Won't this simply return a true into the ether? I thought you'd have to use at least something like .addQuery() to modify what is returned by the query.


0 Helpfuls

Go to solution
Chuck Tomasi
Tera Patron
In response to cybernetic_crab

‎01-10-2018 05:29 AM

You are right. Let me think on this a bit more.


0 Helpfuls

Go to solution
cybernetic_crab
Kilo Contributor
In response to Chuck Tomasi

‎01-12-2018 02:54 AM

I tried to filter by adding .addQuery("assignment_group", "value"), but it did not work as expected, returns an empty list..


0 Helpfuls

Go to solution
Chuck Tomasi
Tera Patron
In response to cybernetic_crab

‎01-15-2018 05:56 AM

Hi Leon,



I'm still working on this. I just had another thought. You may want to be aware that this has performance risks...



For every row you want to display, your before/query BR is going to read the group membership table and that's a lot of queries for every row to display, multiplied times the number of rows. See where this is going?



My question - how imperative is this to remove the message?


0 Helpfuls