Notifications

5 views

Symptoms

List collector and table list allowing filter on fields the end users don't have access to read

Release

All releases

Cause

Expected behavior

Resolution

This behavior is addressed in PRB1259457 - ACLs do not apply to the search in the list view and in the global text search. Though the PRB address this issue in List. Our development team has deemed this PRB as "working as expected" with the following reason. "Field-level ACLs are evaluated for the display of content, but do not have any impact on the actual text search. Fields with sensitive content can be excluded from being indexed." 

Additional Information

 

In the screenshot below. ITIL user is not able to see the value in the SSN field but is able to search and return a value.

Article Information

Last Updated:2019-05-21 11:56:59
Published:2019-04-24