Skip to Content
0
Jun 11, 2018 at 11:23 AM

Access Control Context on the Embedded Component showing Custom BO records under Account TI

151 Views

Hi Experts,

We have a requirement to display the list of Quotes Records associated with a customer under that Customer as a facet(Tab).

The Quote BO is a custom BO created with different Screen scenarios.

This Quotes BO has a node called as "Quote Party", this node will store the involved parties of the quote.Further that node has a element Employee UUID where the Access Context Definition i.e the ACL Node definition is made.

The Quotes Records are shown to the user as per the access restrictions in OWL Screen by displaying the restricted set of quote records only. In OWL Screen we have used the SADL query to get the quote records from Database based on the access restrictions.

Issue - Sample UseCase Scenario:

A newly created user logs in to the system,

1) Opens the quotes OWL Screen in UI, finds 0 number of Quotes (Since he has not created any quotes) - Expected Behaviour

2) Navigates to the quotes tab under an Account (this account already has some n number of quotes which are created by other users), the same n number of quote is visible to the newly created user - Data breach

Suggestion Required:

1) Is it possible to use the dataset retured in the OWL screen as the source for filtering out the quotes associated to that particular account alone?

2) How to impose access context restriction on the embedded component of the custom BO under a stsndard Bo's TI Screen?

Thanks in advance.

Kindly suggest the ways to resolve this issue.

Thanks and Regards.

Shanmathi AG