Access Rule do not work properly in Microflow

Because of my company's security policy, I'll explain my problem in text.   I defind an Entity named Equipment_Set. - name : string - uuid : string Association (Account) *-* named ref_Managers   And I defined two Access Rules   1 : [EQP_Status.ref_Managers='[%CurrentUser%]' or System.owner = '[%CurrentUser%]'] user can delete object  / can see/ edit  all values of the object (All rights)   2. [set_type='Global'] can see all values of the object (Read Only)   These Access Rules work when I retrive Objects with Database as a DataSource But When I retrieve objects with Microflow, the microflow returns all the Objects in the database (Whether current user has a right or not! / But User cannot see the values in the Object. Only Empty Context is Returned).   I wonder why this problem occured and how can i solve this. (I want the microflow returns only the objects that user has proper right.)        
2 answers

It sounds like you need to Apply Entity Access to the microflow if you want the retrieve action to restrict access to what the current user only has access to. By default the microflow will have access to all the data. You can find this in the Properties tab of the microflow.


Screenshot 2024-04-02 at 10.06.32.png


More details can be found in the documentation.


Good luck!


Hi kim duho,


There is a option in microflow as "Apply Entity Access", when you want to apply access rules to the microflow you should allow that.


Screenshot 2024-04-02 142115.png


Hope it helps kim.