I’m trying to get a deep understanding of how the Search and View options work when a privacy rule is set, and I’m coming across a couple of areas of behaviour I’m not expecting. @neerja, could you help me to clarify whether what I am experiencing is expected?
Here is a complete list of how my tests have worked out. The potential bugs are listed in CAPITALS.
"Find This in Searches"
- Is being applied at the Thing level. If unset, the complete thing won’t appear in a search.
- is being applied at the field level. Any field not selected cannot be viewed.
A Normal Workflow
- Can only change things that can be found in searches
- It can change visible and invisible fields.
- When an invisible field is changed by a workflow, it becomes visible for a moment if displayed in a text box. IS THIS A BUG?
An API Workflow set to Ignore Privacy Rules
- Can still only change things that can be found in searches. It does not change an item that the privacy rules define cannot be found in a search.
- Hence it is working exactly the same as a Normal workflow.
- IS THIS A BUG?
- If this is normal behaviour, then what is the difference between the capabilities here and in a normal workflow? What are the privacy rules that are being ignored?
(@neerja, in this post you stated that the “Ignore Privacy Rules” setting impacts the items found in a search…)
Josh also said in the security Q+A:
If you need to modify data that the current user is not allowed to see, the best approach right now is to use a scheduled API workflow with the “Ignore privacy rules when running the workflow” box checked. This will run the workflow entirely on the server without sending data to the user’s web browser, and it will remove the restrictions on searches, so that the workflow can retrieve data that the user wouldn’t otherwise be able to access.