Announcement

Collapse
No announcement yet.

How to control fields listed when popup opens when click on a graphic report?

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • How to control fields listed when popup opens when click on a graphic report?

    Hi, we have developed a report over a custom Entity and published into the external user portal.

    We have denied access for some entitie's fields to that portal user

    When clicking on a report bar, a short list of related records pops up, and the non-authorized fields for that portal_role / appear on the list, revealing information of the entity record.

    Where can we manage the list of thar fields to appear or desappear?

    Thanks in advance!

  • #2
    Hello.
    It is not possible. All that you can do, is create a similar report for portal user excluding those fields they shouldn't see.

    Comment


    • #3
      Thank you! that is exactly what I did: Portal role / user are not allowed to see that fields, (eather list or detail view) but they show the undisired fields on popup when clic. :/ .. This shouldn't happen because security should apply on popups also, and that is not happening.. Should I report a Bug?

      Comment


      • #4
        Could you attach the screenshots to let me see how this issue looks like? Also, I need the screenshot of the portal user role as well?

        Comment


        • #5
          Sure, thank your for supporting! Here it is,... the evidence with screenshots:

          1) Portal role hide fields rule is been set.OK
          2) Portal role rules show OK on user accessing portal hidding fields.
          3) Once in report section, onlic, Report shows the fields that supposed to be blocked by the rule.

          Comment


          • #6
            please note additionally that report settings has the following properties:

            -Apply ACL is enabled.
            -Reports is published in both portals, (one with the constraint rule and another without it). Due the ACL is applied, we think this must not affect, because user and report should get the portal_role rule applied to the portal where he is loged in.

            Comment


            • #7
              In this case, the report is already formed data stack. So the fields of the report are not checking on the accessibility each time when the user wants to check the report.
              Last edited by Maximus; 07-23-2019, 08:41 AM.

              Comment


              • #8
                Yes, that is a clear explanation of the report behavior. Thank you.. Neverless, from a user experience perspective, Do you agree with me, that a information system showing restricted data from a report component is a security breach / gap and should be treated as a bug?

                Comment


                • #9
                  For your information, Fields listed into the short popup list are the ones listed on option: ยป List (Small).. There is where fields are managed for pop up reporting. Regards.

                  Issue Closed

                  Comment

                  Working...
                  X