Due to access control rules for specific users, the retrieved records in a list gauge could be spread across multiple pages. The resulting list does not get sorted, and records get omitted from the gauge only at the moment of rendering. There could be several empty pages, and all the records that the user is allowed to access could be on the last page only.
The preferable solution is to display the total number of hidden records on each page that the user can view and show all the accessible records together starting from page one.
Steps to Reproduce
- Login to any instance as administrator
- Verify the Incident table has ACLs in place to restrict access to certain user roles
- Create a list gauge on the Incident table on a public homepage
- Verify the gauge returns all the incidents
- Login as an ESS user with limited visibility on incidents
- Open the public homepage and observe the list gauge output, showing the total count of records, but removing the non accessible records, giving the impression the list is empty.
For example, the OOB gauge My Open Incidents on the Check Status page fails to populate with the message:
Number of rows removed from this list by Security constraints: ...
This behavior is by design to not affect the query execution performance.
For tables where this is an issue or concern, do not use ACLs for security, but design a Before Query Business Rule to let the database apply the security filter on the query, instead of making the list renderer decide, after the query, which records it can or cannot display.
This workaround is not applicable in Express instances, which do not offer any scripting feature.
Related Problem: PRB565444