Published Jun. 30, 2025

View-Only Permission Allows Managing Object Entries Through a Relationship

Posted by

Anushka Tiwari

Issue

  • The role has only the view permission, but the user is still able to see the 'Add' and 'Delete' options.
    Steps to reproduce:
    1. Start the server.
    2. Import the provided files, 'Object_TicketCategory' and 'Object_SupportTicket', by navigating to Control Panel > Objects > Import object definitions.
    3. Go to Control Panel > Object > Objects > Ticket category > Layouts.
    4. Click on 'Default layout' and then click on the 'Layout' tab.
    5. Create a tab with any name, let's say 'Child', and add the parent object.
    6. Navigate to the home page and edit it, add the created object from the widgets, and create entries.
    7. Go to 'Control Panel > Roles', create a role, and grant the permissions that I have shared in the attachments.
    8. Assign that role to a new user and log in as the newly created user.
    9. Click on one of the entries in the parent object and navigate to the 'Child' tab.

    Expected behavior: The user should not be able to see the add and delete options.
    Observed behavior: The user is able to see the options to add and delete the entry. However, clicking the delete option shows an error in the UI.

Environment

  • Liferay 2023.Q4.0

Resolution

  • The 'Delete' option is visible with the view permission. This is a known bug addressed by LPD-47730.
  • The 'Add' option is visible with the view permission. In this case, a new user with the view permission will not be able to add a new entry; however, the option to "Select Existing One" will be visible. This button cannot be hidden due to performance issues, and for the same reason we cannot throw the permission error when the user clicks on it. Therefore, our team added an error pop-up: clicking +, which is 'Select Existing One', opens a list of unrelated entries that the user can try to associate by clicking a row; if the user has no permission to associate, a permission error message will appear informing them that “You do not have required permission”. (A video is attached for more clarity on this.)
  • Please see here: LPD-47878

Additional Information
