Description

Symptoms


Non-role (ESS) users are not able to see group (sys_user_group) records when trying to select a group from any fields or variables that reference the group (sys_user_group) table.

Release


All releases

Cause


The users are failing the table-level read ACL on the sys_user_group table.

The OOB ACL: /sys_security_acl.do?sys_id=811f2ddec0a801666be07f00f34794c7

Resolution


The OOB ACL checks for:

  • Whether the group has the admin role attached to it. If yes, only users with the admin role can view that group.
  • Whether the group has the security_admin role attached to it. If yes, only users with the security_admin role can view that group.
  • Otherwise, if the group has neither of the roles above and the user has any role in the instance, the user is granted read access to the group record.

The OOB ACL can be modified as appropriate to grant non-role users access, or a new similar ACL can be created altogether for the same requirement.
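
The following is an added example, not the OOB ACL script and not code from the original article: a plain JavaScript model of the three checks listed above, next to a relaxed rule that admits non-role users while keeping the admin and security_admin group restrictions. The users, groups, and function names are constructed for illustration.

```javascript
// Constructed sample data: group name -> roles attached to the group.
const GROUP_ROLES = {
  "Service Desk": ["itil"],
  "Facilities": [],
  "Platform Admins": ["admin"],
  "Security Admins": ["security_admin"],
};

// Constructed users: user name -> roles the user holds.
const USERS = {
  ess_user: [],
  agent: ["itil"],
  sys_admin: ["admin"],
  sec_admin: ["admin", "security_admin"],
};

const PRIVILEGED = ["admin", "security_admin"];

// Checks 1 and 2: a group carrying a privileged role is readable
// only by users who hold that same role.
function privilegedGuardsPass(userRoles, groupRoles) {
  return PRIVILEGED.every(
    (role) => !groupRoles.includes(role) || userRoles.includes(role)
  );
}

// Model of the behaviour the article describes: check 3 additionally
// requires the user to hold at least one role, so ESS users fail.
function canReadGroupOob(userRoles, groupRoles) {
  return privilegedGuardsPass(userRoles, groupRoles) && userRoles.length > 0;
}

// Relaxed variant: the "any role" requirement is dropped, the
// privileged-group guards stay in place.
function canReadGroupRelaxed(userRoles, groupRoles) {
  return privilegedGuardsPass(userRoles, groupRoles);
}

// List the groups a user can read under a given rule.
function visibleGroups(userName, rule) {
  const roles = USERS[userName];
  return Object.keys(GROUP_ROLES).filter((g) => rule(roles, GROUP_ROLES[g]));
}

for (const user of Object.keys(USERS)) {
  console.log(user, "OOB:", visibleGroups(user, canReadGroupOob),
    "relaxed:", visibleGroups(user, canReadGroupRelaxed));
}
```

Running the same comparison against a list of real groups and their attached roles before changing the ACL shows exactly which records become visible to non-role users.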

Additional Information


Access control list rules

Article Information

Last Updated: 2019-08-02 20:58:11
Published: 2018-12-13