My Pages Bypassing User Role Access
My organization has been using Role Access on the New UX app pages to open/close certain processes that our end users complete. For example: Funding requests for the next fiscal year are only solicited during a 3 week timeframe. We assign access to the user roles which need to access the app page(s) and once the period is over, access is subsequently removed.
I just found out that if a user creates a My Page of this app page, then they will retain access to continue submissions even after the "original" app page access is removed. I am in the process of adding Boolean checks and Write Access Drivers to the underlying modules to prevent this. Without turning off My Pages for the module itself, as we do want end users to use this functionality, what would be the best course of action to prevent these kinds of unintended access?
Best Answer
-
@mrobinson - outside of DCA access drivers the other option I would see is model role. During the window for funding requests you would have a users in a role that has write access to the modules, actions, etc. and after that window passes they move to a role that has read access.
However, the DCA would likely be easier to administer since it is a global setting and not user centric (aka single flat system Boolean input drives the write access driver for all users). I recommend the model role option when you have certain individuals who need to be "locked down" while others retain the ability to edit.
1
Answers
-
@Tiffany.Rice - Thanks for your input! I never really thought about using a different model role option, but with such a vast amount of user roles with ever changing access requirements, I can foresee that becoming a fairly large burden. I will continue with the DCA write access drivers so that we can just manually toggle on/off access.
0