DataGridBuilder security issue
Summary:
Hi,
We have a rule using DataGridBuilder to do some calculation and save data back. When the rule is executed by users, data didn't get saved back. Then we figured out the reason is that users are assigned with Adhoc Readonly User role which is purposed to restrict users submit data from smartview. Now it's also stopping the business rule to save data.
My understanding is that when the rule executed in the backend, it's privileged to run as admin(just like how a classic business rule does). Now it seems DataGridBuilder is not the case. I could think of the workaround might be to create another groovy rule and call REST API with Admin credentials to run the user rule for saving data. But we have many such rules with DataGridBuilder to do the calculation, and to create another rule for each of these seems messy.