ACL control of function fields

  • Release version: Australia
  • Updated March 12, 2026
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of ACL Control of Function Fields

    The ACL control of function fields has been updated in the Australia release. This change enhances security by requiring users to have access not only to the function field but also to all contributing fields used in its definition. This update affects the read and reportview operations, ensuring that users cannot access function fields without the necessary permissions on contributing fields.

    Show full answer Show less

    Key Features

    • Access Requirements: Users must have read access to both the function field and all contributing fields to access the function field.
    • Operations Affected: The read and reportview operations require access checks for both the function field and contributing fields.
    • Role-only Read ACL: For reportview access, users must possess a role-only read ACL without conditions or scripts, alongside the required access to contributing fields.

    Key Outcomes

    This update ensures that access to function fields is more secure, preventing unauthorized access based on the permissions of contributing fields. Users can expect the following:

    • If a user has the necessary role for the function field but lacks access to contributing fields, access will be denied.
    • Access scenarios can vary based on the setup of ACLs for contributing fields, affecting the overall access to function fields significantly.

    When evaluating access to a function field, in addition to checking access to the function field itself, the system also checks access to the function's contributing fields. Contributing fields are those used as the arguments in a given function definition.

    For more information about function fields, see Function field.

    In Rome and earlier, the system simply checks access to the function field itself (as with any other field). If the ACLs on that field allow access, the user receives the resulting value, regardless of whether the user has access to the contributing fields.

    In Australia and later, the system also requires access to all contributing fields in order to allow access to the function field. If one or more of the contributing field ACLs refuse access, the function field also refuses access.

    The only operations affected by the new requirement are read and report_view. Report_view has its own additional requirements.

    Operation Description
    read operation A user has read access to a function field only if both of the following are true:
    • The user has read access to the function field.
    • The user has read access to all of the contributing fields used in the function.
    report_view operation A user has report_view access to a function field only if all of the following are true:
    • The user has report_view access to the function field.
    • The user has report_view access to each of the contributing fields.
    • There is a role-only read ACL without conditions and without a script, and the user has that role.
    • The user has role-only read access to the contributing fields, such that only ACLs without condition or script can allow.

    Examples

    Given:
    • Table: salary
    • Columns: base, bonus, total (all are Integers in this example)
    • Function field: The total column is marked as a function field, with function definition glidefunction:add(base, bonus).
    • Contributing fields: base and bonus, since they're used in the function definition
    • Roles: salary_admin, bonus_admin
    Table 1. Example 1: All fields allow access
    ACLs Result
    total, base, bonus: read and report_view for role salary_admin, with no conditions or scripts A user with the salary_admin role is granted read and report_view access to total because they have the required role.
    Table 2. Example 2: Contributing field refuses read access
    ACLs Result
    • total, base: read and report_view for role salary_admin, with no conditions or scripts
    • bonus: report_view for role salary_admin , with no conditions or scripts
    • bonus: read for role bonus_admin, with no conditions or scripts
    		 A user with the salary_admin role is refused read and report_view access to total, because bonus refuses read access to their role.
    Table 3. Example 3: Contributing field ACL has script
    ACLs Result
    • total, base: read and report_view for role salary_admin, with no conditions or scripts
    • bonus: report_view for role bonus_admin, with no conditions or scripts
    • bonus: read for role salary_admin, with a script (note that it doesn't matter what's in the script, only that it's there)
    		 A user with the salary_admin role is granted read access to total, because they have the required role for all fields.

    But the same user with the salary_admin is refused report_view access, because the read ACL with the script refuses access by default for this case, even though they have the required role.