E9.2 Security not applying equally

DrWhat?

DrWhat?

Member
So I've got a bit of a weird one.

We are using row security to restrict access to specific cost centers so I've got a role that's applied to all applicable users that restricts as follows:

1651267233040.png

This has worked for our intended purposes as we then apply 'y' to view for specific cost centers directly to individual users that are approved to see information in that cost center.. so in our case cost centers within the 0-9999 range...

The issue is that I have a user that can see information in P071862 for cost centers that *should* be restricted. I set up a test user with identical roles/security and I'm not able to see the restricted cost centers... so I'm pretty confused. Security between the two users is identical, but in practice is not applying identically.

I've cleared cache and removed/readded roles to the problem user and still he can see what he shouldn't... anyone got any tips? Some super secret security table that's ruining my day?

Thanks,
 
Have you generated a debug log for the problem user and the test user to compare and see how the WHERE clause is being built? Do you see the same behavior from databrowser / UTB also when looking at the table directly? I was going to ask to confirm that the data item is indeed CostCenter in P071862 but since you said the security works fine for the test user it must be correct.
 
Have you generated a debug log for the problem user and the test user to compare and see how the WHERE clause is being built? Do you see the same behavior from databrowser / UTB also when looking at the table directly? I was going to ask to confirm that the data item is indeed CostCenter in P071862 but since you said the security works fine for the test user it must be correct.
I haven't, though I will give it a shot. Also trying the tried and true turn it off and turn it on again today while the system isn't being used. I'm wondering if something in the cache is sticking for this user... thanks for the suggestion.
 
How many differents roles does the user have? I know you are limited to about 30 (it actually depends on the lenght of the role name, I think the buffer they are held in is about 300 bytes long). If you overflow, the ones cached can change each time.

Tom
 
By default, the YYYY (second row) is not needed. You just need to define row security for a setting with 'N'. The string type might confuse the system. I would suggest you to try to take away the second line. If you need to add more range of restriction, add more security with 'N' settings.
 
Back
Top