Description
Symptoms
Admin unable to view all sys_user_preferences records seeing security constraints message.
Cause
Log in as an admin
- Type in the navigator filter sys_user_preferences.list
- You will be unable to view all records.
- An error message states: "Number of rows removed from this list by Security constraints: #"
- Elevate roles to security_admin
- Still unable to view records
Resolution
The System property "glide.security.admin.override.accessterm" is set to false, while it's true in a base system. See: Evaluate the admin override at the access level
The ACL: "sys_user_preference" /read is blocking your access even though you have the admin override it is being ignored due to the system property being set to false.
If your business process allows, you should set "glide.security.admin.override.accessterm" to true so the overrides in the ACLs for the admins would work.
Additional Information
The "security_admin" role cannot be inherited, it must be added by a user that has it as not inherited like the "admin" account. We recommend taking it out of the group and adding the role to each user that has an admin account that you want to have the security_admin role from an account that does not have it inherited from a group like the "admin" account.