Hello, I am implementing query security on the RC_CASE table in our company. After adding query security record to the RC_CASE table, all the USER queries using RC_CASE table got updaged with a new join with query security record. (Which is expected)
But my question is about ROLE queries. According to peoplebooks, PROCESS and ROLE queries supposed to override the automatic query security logic.
(Please refer to Home > PeopleBooks > Enterprise PeopleTools 8.48 PeopleBook: Security Administration > Implementing Query Security+_)
My interpretation of above statement is, ROLE queries based on RC_CASE table will NOT get updated by adding query security record to RC_CASE table.
But in my application I do see ROLE queries are getting updated along with USER queries after I add query security record.
Could you any one explain why ROLE queries are getting updated after adding Query security record?
First of all, modifying existing record is not a wise option as it could have adverse impacts. Clone the record and then use it.
There is difference between Query Security and Row level Security.
Query Security - Ristricts access to the records (via Access Groups) and what the users can or can't do with those records (like, number of joins, Distinct, etc.). This implies to User queries only and Role & Process queries are exemption to this security model. (this answers your concern)
Row Level Security - is acheived by attaching security views directly to the records. Once a security view is attached to a record definition, it will always be in action unless you remove it. Always be carefull while attaching security views to delivered records.