When adding a Reference to a table and derived dot-walked fields from the referenced record to the List view on the original table, the ACLs on the referenced table do not have access to the full referenced record. Instead, they have access only to those specifically derived fields.
- Table A is a task table.
- Table B is an email table.
Add a referenced field on Table A that references Table B.
Add derived fields to the List view of Table A.
When viewing a list of Table A records, the ACLs on Table B run, but the "current" inside those ACLs is a GlideRecord containing only the specifically derived fields displayed on the Table A list. This affects usability when allow/deny decisions are based on fields that are present in the full Table B record, but are not present when the Table B record is part of a list of Table A records.
Steps to Reproduce
Create table test_table_a (col1, col2, col3)
Create table test_table_b (col1, col2, col3)
On Table A > add column > name = table_b; type = reference; reference = test_table_b
Add read ACL on test_table_b
admin overrides = false
advanced = true
script > answer = (current.isNewRecord() || current.col3 == 'foobar')
Insert record into Table B (col1 = foobar, col2 = foobar, col3 = foobar)
Insert record into Table A (col1 = foobar, col2 = foobar, col3 = foobar, table_b = <reference to foobar record inserted into test_table_b>
Configure test_table_A list configuration and add TableB.col2 (remove Table B reference, if there)
Load List view on Table A and notice that TableB.col2 is not populated (go to Table B List view and see col2 value)
Workaround 1: Add the column referenced in ACL to the List view.
Adding the column to the List view results in the value being part of the query. When the ACL is executed, that column value is now present and can be evaluated correctly.
Workaround 2: Rewrite ACL to not depend on the current value for the field that is not in the List view.
The ACL can be rewritten to not depend on the current value for the column that is not displayed. If the ACL cannot be reworked to avoid using that column, it can query the value directly from the database using GlideRecord. Note: There is a performance hit to execute the additional query.
Workaround 3: Turn off the list optimize property.
The glide.ui.list.optimize property can be set to false to work around this issue. Setting the property to false results in additional queries to fetch data for each of the referenced tables. The additional queries return the complete record for each referenced column, thus ensuring that the ACL has all the necessary data to evaluate correctly. Due to the addition of the extra queries, the customer should test the performance to determine if it is acceptable. Be very careful when using this workaround, because it will affect the performance of the entire system, not just the queries on the table with dot-walked fields. Workarounds 1 and 2 should be used instead of Workaround 3 when at all possible.
An additional concern with using this workaround is that it can interfere with reports that use variables. See KB0639102 for additional details.
Note: Make sure not to mix up this new property with a similar one: glide.ui.optimize.lists. If you set glide.ui.optimize.lists to false, the issue will also be resolved for List views. However, when exporting to Excel, the values for the dot-walked fields are still not displayed. With glide.ui.list.optimize set to false, the values should be displayed correctly in Excel, as well.
Related Problem: PRB573139