what are benefits of ACL over Before Business Rule? where we get sms: rows are restricted due to Security Constraints(ACL or BR)?

mallikharjunasw
Tera Contributor

what are benefits of ACL over Before Business Rule? where we get sms: rows are restricted due to Security Constraints(ACL or BR)?

1 ACCEPTED SOLUTION

AbhishekGardade
Giga Sage

Access Controls are a great to limit data visibility to those who need it. But still, there are some drawbacks:

  1. The dreaded 'Number of rows removed from this list by Security constraints' message.  Many organizations don't want their users to know they are being denied access, but this message makes it all too apparent.
  2. In large lists of data, the 'allowed' records do not bubble to the top - they can be hidden pages down in the list where they are difficult for users to find.
  3. In a script-based ACL, the script must run for each row returned - In some cases, this can cause significant performance degradation.

Before Query Business Rules are just what they sound like - Business Rules that run before the query on a table occurs.  They offer an opportunity to add query terms that will limit the data returned, and can therefore act as security measures.  There are many advantages to using these where possible:

  1. Because the list of data returned is pre-filtered, no more 'Number of rows removed from this list by Security constraints' message, and all data is returned in a clean list that is seemingly 'un-filtered' to the end-user.
  2. If scripting or an additional query is necessary to determine how the data must be filtered, it is far more efficient to do that once in a Before Query Business Rule than to do it hundreds or thousands of times through iterative runs of an Access Control script on each row of the table.

Things to Remember

  • A Before Query Business Rule is very effective to limit data visibility at the row level.  Access Controls must still be used to limit visibility at the field level.
  • Because Before Query Business Rules run before the data set is returned, they will run prior to processing of Access Controls.  If a customer prefers the warm reassurance of security that Access Controls provide, you may implement both a Before Query Business Rule and an Access Control to accomplish the same ends concurrently - the same performance benefits will be realized.

 

Please mark as Correct Answer and Helpful, if applicable.
Thank You!
Abhishek Gardade
Hexaware Technologies Inc.
Thank you,
Abhishek Gardade

View solution in original post

4 REPLIES 4

Harsh Vardhan
Giga Patron

ACL : ACL used to set the security on your table or field level, "Security Constraints" comes due to the ACL. 

Before business rule: it used to updated the record value. you can perform some "Update", "Delete" ,"Insert" operation on your current record. 

 

So coming back to your question ,

ACL will give the "Security Constraints" message. 

What is snatching in ACLs? what are other pros and cons of ACLs? what are High Security Settings?

AbhishekGardade
Giga Sage

Access Controls are a great to limit data visibility to those who need it. But still, there are some drawbacks:

  1. The dreaded 'Number of rows removed from this list by Security constraints' message.  Many organizations don't want their users to know they are being denied access, but this message makes it all too apparent.
  2. In large lists of data, the 'allowed' records do not bubble to the top - they can be hidden pages down in the list where they are difficult for users to find.
  3. In a script-based ACL, the script must run for each row returned - In some cases, this can cause significant performance degradation.

Before Query Business Rules are just what they sound like - Business Rules that run before the query on a table occurs.  They offer an opportunity to add query terms that will limit the data returned, and can therefore act as security measures.  There are many advantages to using these where possible:

  1. Because the list of data returned is pre-filtered, no more 'Number of rows removed from this list by Security constraints' message, and all data is returned in a clean list that is seemingly 'un-filtered' to the end-user.
  2. If scripting or an additional query is necessary to determine how the data must be filtered, it is far more efficient to do that once in a Before Query Business Rule than to do it hundreds or thousands of times through iterative runs of an Access Control script on each row of the table.

Things to Remember

  • A Before Query Business Rule is very effective to limit data visibility at the row level.  Access Controls must still be used to limit visibility at the field level.
  • Because Before Query Business Rules run before the data set is returned, they will run prior to processing of Access Controls.  If a customer prefers the warm reassurance of security that Access Controls provide, you may implement both a Before Query Business Rule and an Access Control to accomplish the same ends concurrently - the same performance benefits will be realized.

 

Please mark as Correct Answer and Helpful, if applicable.
Thank You!
Abhishek Gardade
Hexaware Technologies Inc.
Thank you,
Abhishek Gardade

What is snatching in ACLs? what are other pros and cons of ACLs? what are High Security Settings?