TS001839266 — API call table update for read only Input Form

Varicent Sales Performance Management Documentation

TS001839266 — API call table update for read only Input Form

Fixed: Resolved an issue where a user with a restricted role can update, add or delete table rows using RestAPI calls using a read only Input Form for that table.

Reproduction Steps

1. Log in to the admin client.

2. From Composer, create a custom table with two columns. Add some rows with data.

3. Go to Admin > User and Permissions > Add new role.

4. Assign view only access to the new role.

5. Select the model > Model Options > Add User. Assign the user to the new role.

6. From Composer, select the table from step 2 > Show More > Input Forms > Add Input Form.

7. Edit the Input Form and make the columns Read Only.

8. Ensure the role created in step 3 has permissions for the input form.

8. Update the table using an API call.

The result is the user is able to edit tables using API calls when a user with read only permissions should not be able to edit tables in the admin client.

In this section:

Was this helpful?

Would you like to provide feedback? Just click here to suggest edits.

Varicent Sales Performance Management Documentation

TS001839266 — API call table update for read only Input Form

Reproduction Steps

Search results