ACL

anurag_b
Tera Contributor

For Incident form, There is ACL which is restricting write access for a role and there is another ACL which allows user with same role to write. Which ACL will work, Will the user with that role able to write or not?

5 ACCEPTED SOLUTIONS

Zach Koch
Giga Sage

ACLs work by Granting access, not restricting. So for example, when you create an ACL, the role that you give it grants access, and by default "restricts" other roles, but not explicitly. So what that means is that even though the role doesn't meet the first ACL, it will meet the second ACL allowing the user to write to it.

If this information helped resolve your issue, please remember to mark response correct and thumbs up to help future community members on this information, thanks!

View solution in original post

Abhishek_Thakur
Mega Sage
Mega Sage

Hello @anurag_b ,

I agree with the explanation by @Zach Koch . Just to summarize it as per your scenario the only ACL will work that will grant the user with the write access.

 

Please mark my answer as accepted solution and give thumbs up, if it helps you.

Regards,

Abhishek Thakur

View solution in original post

yuvarajkate
Giga Guru

ACL that grants access will work.

View solution in original post

vishwajeet5550
Mega Guru

For a user to gain write access, all ACLs must grant permission. If even one ACL denies write access, the user will be blocked from writing, regardless of other ACLs allowing it.

In your case, since one ACL restricts write access and another allows it for the same role, the restrictive ACL will take precedence. As a result, the user will not be able to write to the Incident form.

To resolve this conflict, you may need to adjust or remove the restrictive ACL to ensure consistent permissions.

View solution in original post

PritamG
Mega Guru

The user will not be able to write because deny ACLs take precedence over allow ACLs

View solution in original post

5 REPLIES 5

Zach Koch
Giga Sage

ACLs work by Granting access, not restricting. So for example, when you create an ACL, the role that you give it grants access, and by default "restricts" other roles, but not explicitly. So what that means is that even though the role doesn't meet the first ACL, it will meet the second ACL allowing the user to write to it.

If this information helped resolve your issue, please remember to mark response correct and thumbs up to help future community members on this information, thanks!

Abhishek_Thakur
Mega Sage
Mega Sage

Hello @anurag_b ,

I agree with the explanation by @Zach Koch . Just to summarize it as per your scenario the only ACL will work that will grant the user with the write access.

 

Please mark my answer as accepted solution and give thumbs up, if it helps you.

Regards,

Abhishek Thakur

yuvarajkate
Giga Guru

ACL that grants access will work.

vishwajeet5550
Mega Guru

For a user to gain write access, all ACLs must grant permission. If even one ACL denies write access, the user will be blocked from writing, regardless of other ACLs allowing it.

In your case, since one ACL restricts write access and another allows it for the same role, the restrictive ACL will take precedence. As a result, the user will not be able to write to the Incident form.

To resolve this conflict, you may need to adjust or remove the restrictive ACL to ensure consistent permissions.