Paul Beucherie (Paul5174)
SopraSteria

Posted: January 30, 2017
Last activity: February 17, 2017
Closed
Solved

Non-authorized user viewing flow instead of access error message

Hello,

My application has different users with different roles: User, Manager, Administrator.
I've created a custom object (let's call it CUSTOBJ) along with a case type, and only Administrators are able to perform actions on them (as set in Designer Studio => Org & Security => Access Manager => Work & Process). See attachment for configuration details.

When I use a search box on my front-end UI to search for a CustomObject with a user of type "User", I get a "You are not authorized to open instance ONE-TWO-THREE-FOUR-CUSTOBJ CO-500" message when trying to open the object through the search (see attachment). This behaves as expected.

When I use a search box on my front-end UI to search for a CustomObject with a user of type "Manager", the flow screen opens (see attachment), though I cannot proceed any further because clicking on the flow action does nothing.

While the manager hopefully cannot proceed any further, why am I shown this screen instead of the typical "You are not authorized..." message? Access is configured identically in the Access Manager for both Users and Managers. We even checked the PEGA-generated classes related to the CustObj object (in Records => Security => Access of Role to Object), and there doesn't seem to be any difference.

I'm probably missing something, but I can't pinpoint it. Any help appreciated.

Thanks.

v7.1.8

Security