Description
If the end user does not have access to all the list's records due to an ACL restriction, the 'group by' feature does not work.
This issue is present under these conditions:
- The list is List V3
- rows removed from this list by Security constraints is >= 1
- The end user attempted to use group by on a column, or the list URL already implements the group by on a column.
There will be an error present in the browser's development console.
Steps to Reproduce
- Hop into any instance where List V3 is enabled and active (Istanbul and later confirmed) with demo data
- Navigate to [incident.list]
- Confirm a user with multiple incidents in different states (ex: Joe Employee)
- Navigate to the Incident table-level read Access Control ACL record
- Description: You can read an incident if you opened it, are the caller of record, or are on the watch list
- Update the Conditions to include Incident.state is In Progress and Save.
- Impersonate Joe Employee
- Navigate to Self Service > Incidents
- Note the message Number of rows removed from this list be Security constraints: x
- If necessary, use personalize list option to add Incident State to the list.
- Right-click the Incident state column and select Group by
You will see the list is never reloaded, and if you open the browser's dev tool you will see console error:
Failed to load resource: the server responded with a status of 500 (Internal Server Error)
Workaround
After carefully considering the severity and frequency of the issue, and the cost and risk of attempting a fix, it has been decided to not address this issue in any current or near future releases. We do not make these decisions lightly, and we apologize for any inconvenience.
Related Problem: PRB1020369
