Hello everyone,
In our project some business calculations are run in default logic. While customizing security, we use the account dimension in member access profile restrictions, because some users should have authorization to write on several accounts, and some should not, which is a common practice, as far as I know.
But when the default logic is executed after the user with restricted member access profile posts data, all the logic files included in default.lgf are run, including those, which are not related to data, posted at the moment. Naturally, the results of calculations performed by the logics involved can be written back to accounts, which the user is not authorized to post to.
For other secured dimensions this problem can be solved easily using *XDIM_FILTER, except the account dimension, considering that all the accounts are always in the default scope, regardless of the dimension member, to which the data is posted. So there is no way to set the necessary filter in logic files that will allow to avoid the conflict with security. Actually, such problem will most probably occur in each scenario, where account is a secured dimension and some business calculations are run in default.
Thanks for any ideas that will help to solve this problem,
Best Regards,
Michael