Security Model not creating ACL for rejected access


Type: [C#Bot,Iterate]
Bot Version: []
Browser / OS: [ALL]


When you have all access turned off for a user on an entity the ACL is not generated. Should you have specific security needs such as users can only see applications that they have been assigned it leads a developer to likely turn read on and filter out things they shouldn’t see.

This is quite bad practice the better implementation is to have access turned off and add the exception to the file. It also means should custom code be blown away information is not leaked.

Attempted Resolutions

Toggle access on then off. did not create the file.
Other work around is to write it custom

Hi Blake! Welcome to the forum :wave:
Thank you for raising this request. I have forwarded it to the dev team and they are looking at how they can implement a solution for you.

Hi @Blake_Lockett! Just checking in to let you know that we have a fix ready to go and it will be released in the next few days :tada:

1 Like

Thanks Tessa much appreciated

Good news! Our Iterate release just went out, so the fix is now live :sunglasses: