Prior to Fuji, if a database view was defined, but you had ACL rights to see the data in the underlying tables, you could view the results returned by the database view. This was incorrect behaviour.
Fuji, Geneva, Helsinki, Istanbul, Jakarta and Kingston.
Starting with Fuji, an additional tableLevelACLAllow() check is performed when displaying a list. After upgrade, a non-admin user will not have access to database view records unless a read ACL is created directly on the database view (just like other tables).
- Type Access Control in the navigation filter.
- Select the Access Control (ACL) module.
- Select the New action at the top of the list.
- Under Operation, select Read, and under Name, select the name of the database view i.e. Incident SLA
- Add the required roles needed to access the database view and click Submit.