Hello! I’m trying to understand record level security. I have created Files catalog with CreatedBy attribute as reference to Users catalog. And ReadOwnFiles role.
In this role for Files catalog I checked all rights except Interactive delete. In Data access restrictions for Read right I have added a row where left Margins default and Access Restriction filled with this query:
Code |
---|
WHERE CreatedBy = &CurrentUser |
Next I added CurrentUser session parameter as a reference to Users catalog. I use some demo data, so it does not matter which value is in this session parameter. I use predefined values for testing purpose.
It works fine: I can create, read and edit files for current users only.
After that I added FileVersions non-periodic information register with File dimension as a reference to Files catalog and Version as Number. The resource is Data of ValueStorage type.
In records list of this register I can see all records including ones for restricted files, except for I can see IDs of them instead of descriptions.
To solve this problem I have added a custom list form with ALLOWED clause in dynamic list custom query:
Code |
---|
SEL ECT ALLOWED InformationRegisterFileVersions.File, InformationRegisterFileVersions.Version FR OM InformationRegister.FileVersions AS InformationRegisterFileVersions |
But it still displays records with references to restricted Files catalog items. What am I doing wrong?