Question

Document template ignore xpath access rules

0

In my entity I added for a role some access rules based on a Xpath - [not(Secret)] So records with Secret = true are not visible in a Grid GOOD But in a document template ( used for reports ) the secret records will be visible. WRONG Is it a Bug, a feature or do I something wrong

asked 2015-06-11

Jan de.Lange

2 answers

2

A microflow is normally executed without applying entity access. You can set this to true in the properties window under Security, 'apply entity access'.

Note that not applying entity access in the microflow doesn't mean that the web client will see things it can't see, whatever data is directly sent to the client still is filtered for security, but you can do operations on the server that give you full access (and are faster) in this way. Say for example you want to search for a similar record with a given name, if you'd apply entity access it would not be possible to do such a thing. It does however mean that all server operations executed by that microflow will ignore entity access. For the type of report that is then downloaded for a specific user, you'd turn entity access on.

answered 2015-06-11

Sebastiaan van den Broek

Jan de Lange · Accepted Answer · 2015-06-11

Thanks Stephan / Bas. Set entity access on the Microflow on true and it works.

I was too much focused on the document template itself. But the Microflow who call's that document template pass through the acces rights indeed.