When adding a Reference to a table and derived dot-walked fields from the referenced record to the List view on the original table, the ACLs on the referenced table do not have access to the full referenced record. Instead, they have access only to those specifically derived fields.
- Table A is a task table.
- Table B is an email table.
Add a referenced field on Table A that references Table B.
Add derived fields to the List view of Table A.
When viewing a list of Table A records, the ACLs on Table B run, but the "current" inside those ACLs is a GlideRecord containing only the specifically derived fields displayed on the Table A list. This affects usability when allow/deny decisions are based on fields that are present in the full Table B record, but are not present when the Table B record is part of a list of Table A records.
Steps to Reproduce
Create table test_table_a (col1, col2, col3)
Create table test_table_b (col1, col2, col3)
On Table A > add column > name = table_b; type = reference; reference = test_table_b
Add read ACL on test_table_b
admin overrides = false
advanced = true
script > answer = (current.isNewRecord() || current.col3 == 'foobar')
Insert record into Table B (col1 = foobar, col2 = foobar, col3 = foobar)
Insert record into Table A (col1 = foobar, col2 = foobar, col3 = foobar, table_b = <reference to foobar record inserted into test_table_b>
Configure test_table_A list configuration and add TableB.col2 (remove Table B reference, if there)
Load List view on Table A and notice that TableB.col2 is not populated (go to Table B List view and see col2 value)
Workaround 1: Add the column referenced in ACL to the List view.
Adding the column to the List view results in the value being part of the query. When the ACL is executed, that column value is now present and can be evaluated correctly.
Workaround 2: Rewrite ACL to not depend on the current value for the field that is not in the List view.
The ACL can be rewritten to not depend on the current value for the column that is not displayed. If the ACL cannot be reworked to avoid using that column, it can query the value directly from the database using GlideRecord. Note: There is a performance hit to execute the additional query.
Related Problem: PRB573139