Announcement

Collapse
No announcement yet.

AcL to read all records of an entity belonging to the same account seem to be ignored

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • AcL to read all records of an entity belonging to the same account seem to be ignored

    Hi there,

    the situation is as follows:
    -> There are portal users. Those users are assigned to a portal role.
    -> There are three main entities here: Firma (account in english) is the first. Firma can have multiple Entity A (1..n). Firma can also have multiple Entity B (1..n).

    Now in the first screenshot you can see the assigned AcL in regards to Entity A and B:

    Click image for larger version

Name:	espo1.png
Views:	150
Size:	56.6 KB
ID:	93328



    Portal users are able to see all records of Entity B that belong to the same Firma. But they cannot see all records of Entity A. They only can see those records that they created:
    Click image for larger version

Name:	espo2.png
Views:	89
Size:	63.6 KB
ID:	93329


    Now I am running out of ideas what can be the cause for this issue I am facing. There are no other roles involved. I also checked the relationships. Do you have any ideas?

  • #2
    Most likely, the problem is in the Relationships. Please send screenshots from Administration > Entity Manager > Account > Relationships (relationships with Entity A and Entity B are of interest).

    Portal Role options account and contact are very sensitive to Link in Relationship (screenshots 1, 2).
    These options will only work if:
    • When Link will be called account, contact for Link Types: One-to-One Left, One-to-One Right and Many-to-One (screenshot 3). If the Link is named differently (eg account1, 1contact, mycontact etc.) the Portal Role will not work.
    • When Link will be called accounts, contacts for Link Types: One-to-Many and Many-to-Many (screenshot 4). If the Link is named differently (eg accounts1, 1contacts, mycontacts etc.) the Portal Role will not work.​
    Attached Files
    Last edited by victor; 06-07-2023, 03:21 PM.

    Comment


    • #3
      Hi victor thank you very much for helping out. Thank you for all this detailed work. But I must admit that I am lost I read your post a few times now and tried to get an idea of what is the problem. I'll prepare some screenshot down below.

      Screenshots that are connected to my question:
      ---------------------------------------
      If the portal user is assigned the right to see only Entity A records of his own Firma/Account then he sees only those that he created himself:
      Click image for larger version

Name:	espo6.png
Views:	134
Size:	10.1 KB
ID:	93369
      If the portal user is assigned the right to see ALL Entity A records regardless of which Firma/Account he belongs to then he sees all connected Entity A records:
      Click image for larger version

Name:	espo7.png
Views:	138
Size:	11.1 KB
ID:	93370

      So the relationship itself is intact, the hierarchy is constructed. But the visible records differ. Does this still sound like what you think is the root cause for my issue?

      Screenshots that you asked for:
      ---------------------------------------
      The NOT working entity is called "Abteilung" (meaning ~= department) as a n..1 child of Organisation/blurred (meaning = Account).

      Relationship view:
      Click image for larger version

Name:	espo1.png
Views:	156
Size:	25.0 KB
ID:	93366

      Relationship detail view:
      Click image for larger version

Name:	espo2.png
Views:	136
Size:	24.9 KB
ID:	93367

      Database view:

      And all entries have a filled organisation_id that is the same for every record from which the portal user only sees those that are his own:


      The working entity uses "account_id" as the field name.
      Attached Files

      Comment


      • #4
        In my opinion, you should translate your instance into English for a while, take screenshots again (in which everything will be in English and without blurring on the screenshots). It is extremely difficult to understand what is actually displayed to your Portal User, what is not, and what should be displayed.

        Because the rights for the portal role for both Entities look exactly the same. That is, a user with this role must see the records of Entity A and Entity B also absolutely identically (unless this user is assigned an additional role).

        Or, if you wish - I will delete this and the previous message, so as not to confuse the community, which may have understood your problem from your very first post in this topic.
        Last edited by victor; 06-07-2023, 03:23 PM.

        Comment


        • #5
          Hi victor,

          thanks again. I will setup a test instance these days to deliver the needed material. But this will take me a few days.

          In the meanwhile: Maybe a last try with my words to check if we're on the right track?

          What I am trying to say is that in the hierarchy view of Account (go to Accounts -> Some Account) like this:
          Click image for larger version

Name:	espo8.png
Views:	150
Size:	28.3 KB
ID:	93447

          This is the view of the portal user that is able to see all records of Entity A that belong to the scope read: ACCOUNT (see my very first post/first screenshot on the set permissions, there it is called Firma instead of Account). The user can see A1 and A4.

          If I change the portal users right the scope read: ALL records of Entity A instead of ACCOUNT then in the same view as above also the records for A2 and A3 will be visible to this user.

          So effectively: A1 to A4 are all related to Account in the background. But making all of them visible to portal users with the scope ACCOUNT does not work somehow. So is there still a need to investigate the things that you said?

          Comment


          • #6
            I recreated your case and everything is displayed as it should be:
            - I have 2 Portal Users (pele and zidan) with the same Role (screenshot 1). This is very important to eliminate the possibility of a conflict between the two Roles.
            - Each Portal User belongs to the same Account football account (screenshot 2).
            - Created 2 records from the admin in each entity, and one from each Portal User (screenshot 3).

            As a result, both Portal Users see 4 records from each entity, because all 4 records from Entity A and all 4 records from Entity B are associated with the football account (to which both Portal Users belong).​

            If I link any record in Entity A or Entity B (for example, it will be record A1 from Entity A), then of course in this case my Portal Users will not see this record A1, because I broke the connection between A1 and the football account.

            Most likely, you misunderstood the permissions of the account option (as shown in screenshot 1).
            This option allows the Portal User to see ONLY those records that are interconnected with the accounts to which our Portal User belongs. At the same time, it does not matter who created the A1 record.​

            Another example:
            If I associate the A1 record with another Anakonda's Heel account, then the A1 record will not be visible to any Portal User until I add this Anakonda's Heel to his profile. Let it be the User Portal pele (screenshot 4). So pele still sees all records of Entity A (A1 too). But Portal User zidan, who belongs only to the football account, sees only his records: A - created by zidan, A - by pele created, A2 (screenshot 5).​
            Attached Files

            Comment

            Working...
            X