• Welcome to the upgraded JDELIST forum and thank you for your patience.
    Please restrict discussions and issues regarding the new forum software to the Off Topic forum. We will be monitoring that forum for issues.
    If you have trouble logging in, please reset your password using the forgotten password form: https://www.jdelist.com/community/index.php?lost-password/
    If you are unable to successfully reset your password, please contact us: Click here!
    We hope that you enjoy the upgraded forum.
  • Introducing Dark Mode! Switch by clicking on the lightbulb icon next to Search or by clicking on Default style at the bottom left of the page!

Understanding of Exclusive Application Security

Joel

Member
Hello All,

Had a query regarding Exclusive Application security and if my understanding of it was correct as I could not find a lot of examples on MOS.

We have a role example Role_A with access to only 1 company and another role example Role_B with access to 10 companies. Role_A has a higher sequence number than Role_B. I have a scenario where in all applications a user should have access only to 1 company (Role_A) but for one specific application he should have access to 10 companies (Role_B)

Thus I gave Role_B Exclusive Application security to this specific application. I cleared the cache and restarted the JAS. Is this understanding of Exclusive application security correct that for this specific application it will ignore the role seq/conflict and use the security of Role_B and display 10 companies ?

This however is not happening and the security of Role_A is taking precedence even in the application where Excl Application security is applied. I still see only 1 company when I login with *ALL (All My Roles)

Regards,
Joel
 
Hi Joel,
Are you using row security to secure company? in that case it will always apply the lowest restriction from the layer when you utilize *ALL role for login. in that case the user should login with the specific role. But on the other hand, if you have specific version for the companies in the application and you lock down company field , that might give you what you are looking for.
 

lnelson6

Member
As Abir said, only the role with the highest sequence number will be interpreted for the row security. You might want to remove Role B from the user and just give the user (or their application security role) the exclusive application security record for the application in question.

Linda Nelson
ALLOut Security
 
Top