Restrict READ certain attachments on sys_attachment - ACL

zynsn
Tera Expert

Hi SysAdmins,

I am trying to restrict read rights to users without a particular role on the sys_attachment table.

I have the operation set as read

Admin override unchecked

Table Name is sys_attachment --None--

Requires role: my custom role.

When I impersonate another user, that user who does not have the role can view the attachments. I have tried using the Access Analyzer and the permissions for Read are blocked but it skips my ACL. Any tips on what I am doing wrong?

Or should I be using column level encryption for this requirement?

Thanks.


Tony Chatfield1
Kilo Patron

Hi, when customizing ACLs, as well as adding a new ACL you often have to check/validate and update/edit OOB ACLs to ensure existing access is excluded.
Checking a PDI, I see 13 OOB sys_attachment read ACLs that would need to be reviewed and possibly updated to ensure your users were excluded before your new ACL evaluates to allow access.
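
The interaction described in the reply, as an added example that is not part of the original thread: a simplified JavaScript model (not ServiceNow code) in which read access is granted when any one matching ACL passes, so a new role-restricted ACL changes nothing until the other read ACLs are reviewed. The ACL names, the role `x_attachment_reader`, the user and the record are constructed, and the any-one-passes rule is the modeling assumption.

```javascript
// Simplified model, not ServiceNow code. Assumption: an ACL passes only when its
// role AND condition checks pass, and access is granted when ANY active ACL for
// the same table and operation passes. Wildcard rules and admin override are ignored.
function aclPasses(acl, user, record) {
  const roleOk = acl.roles.length === 0 || acl.roles.some((r) => user.roles.includes(r));
  const conditionOk = acl.condition ? acl.condition(record) : true;
  return roleOk && conditionOk;
}

// Returns whether access is allowed and the names of the ACLs that granted it.
function evaluate(acls, user, record, table, operation) {
  const grantedBy = acls
    .filter((a) => a.active && a.table === table && a.operation === operation)
    .filter((a) => aclPasses(a, user, record))
    .map((a) => a.name);
  return { allowed: grantedBy.length > 0, grantedBy };
}

// Constructed ACL set: two stand-ins for existing rules plus the new custom rule.
const CUSTOM_ROLE = "x_attachment_reader"; // hypothetical role name
const acls = [
  { name: "existing_a", table: "sys_attachment", operation: "read", active: true,
    roles: [], condition: (rec) => rec.table_name === "incident" },
  { name: "existing_b", table: "sys_attachment", operation: "read", active: true,
    roles: ["itil"], condition: null },
  { name: "custom_restrict", table: "sys_attachment", operation: "read", active: true,
    roles: [CUSTOM_ROLE], condition: null },
];

// Constructed user without the custom role, and a constructed attachment record.
const userWithoutRole = { name: "impersonated.user", roles: ["itil"] };
const attachment = { file_name: "report.pdf", table_name: "incident" };

// Before review: the custom ACL fails for this user, but other ACLs still grant read.
const before = evaluate(acls, userWithoutRole, attachment, "sys_attachment", "read");

// After review: every other read ACL also requires the custom role.
const reviewed = acls.map((a) =>
  a.name === "custom_restrict" ? a : { ...a, roles: [CUSTOM_ROLE] });
const after = evaluate(reviewed, userWithoutRole, attachment, "sys_attachment", "read");

console.log(before); // lists the rules that let the user through
console.log(after);
```

The `grantedBy` list is the useful part when auditing: it names the rules that still let a user without the role read the record.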