Create a new manual role (DataAccessTest in GardenWorld in demo system) related to Fertilizer org. Set User Level to Organization. Take away all access rights. Give Org Access to Fertilizer org. Give Window Access to Business Partner window (Read/Write). Create DataAccessTestUser BP and user and assign it to DataAccessTest role.
Login as that user.
First problem: When opening Business Partner window the user can see all BPs related to * organisation. Looks like the User Level is not respected.
Second problem: Login as GardenAdmin. Open BP C&W and open the Record Access Dialog via the Lock icon. Select DataAccessTest role, uncheck Exclude, check Read Only, uncheck Dependent Entities and save the rule. Login as DataAccessTestUser. Now the only entry in the Business Partner window is C&W. No entries related to the Fertilizer org are visible. Create a new BP entry and save it and it disappears immediately.
For the second case I have a workaround in MRole.getRecordWhere to show also the records belonging to the org of the role when there are included records in AD_Record_Access. But it does not solve the first problem.
Environment
None
Activity
Carlos Ruiz April 17, 2015 at 10:36 PM
closing as it seems to be a misconfiguration - please reopen if needed with a test case
Carlos Ruiz June 2, 2013 at 1:32 AM
Hi Dirk,
#1 - I think that's on purpose, MRole.getOrgWhere returns records from organization 0 when they are accessed in read-only mode. If we change that behavior most of the lists will become empty for the user.
#2 - The behavior of record access is:
exclude -> means to exclude one or several specific records from a table
not exclude -> means just include the not excluded records and exclude all the rest
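The two behaviours described in the comment above, modelled as an added example (not iDempiere code and not from either participant): read-only access also returns "*" records, and any include rule turns record access into an allow-list. The function, the record ids and the org id 50 for Fertilizer are constructed assumptions; `org_fallback` is a hypothetical switch modelling the workaround the reporter describes.

```python
from dataclasses import dataclass

SHARED_ORG = 0       # the "*" organization
FERTILIZER_ORG = 50  # constructed id, not taken from the GardenWorld data


@dataclass(frozen=True)
class Record:
    record_id: int
    org_id: int
    name: str


@dataclass(frozen=True)
class RecordRule:
    record_id: int
    exclude: bool  # True: hide this record; False: include rule (allow-list)


# Constructed sample rows for the Business Partner table.
BPARTNERS = [
    Record(1, SHARED_ORG, "C&W"),
    Record(2, SHARED_ORG, "Shared BP"),
    Record(3, FERTILIZER_ORG, "New Fertilizer BP"),
    Record(4, 11, "Other org BP"),
]


def visible(records, role_orgs, rules=(), read_write=False, org_fallback=False):
    """Names a role can see under the semantics described in the thread."""
    orgs = set(role_orgs)
    if not read_write:
        orgs.add(SHARED_ORG)  # read-only queries also return "*" records
    excluded = {r.record_id for r in rules if r.exclude}
    included = {r.record_id for r in rules if not r.exclude}
    names = []
    for rec in records:
        if rec.org_id not in orgs or rec.record_id in excluded:
            continue
        if included and rec.record_id not in included:
            # Any include rule hides every record that is not listed,
            # unless the (hypothetical) org fallback keeps own-org rows.
            if not (org_fallback and rec.org_id in role_orgs):
                continue
        names.append(rec.name)
    return names
```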