Privacy Rules not working as expected

Hi All!

I have been tightening up the privacy rules on a client app and I have a weird thing going on where the privacy rules I have put in are not working as expected.

I have attached a screenshot showing how it is currently set up.

The thing that is confusing me is - why does the ‘Amount’ field remain available in a backend workflow (Ignore Privacy Rules is unticked) to the Current User, who created the record; even though the ‘Amount’ field is unticked?

If I untick the ‘Find this in Searches’ (and tick the ‘Amount’ field) as expected the ‘Amount’ field is blank when I reference it. But when I tick ‘Find this in Searches’ and untick ‘Amount’ it appears.

This is unexpected.

Now, I actually do want to be able to see the amount, so it does work as expected when I tick both Find in Searches and Amount. But this is messing with my understanding of how Privacy works. I am wondering whether it is a bug, or whether I am misunderstanding something fundamental?

Does it have something to do with the creator being the current user? Or the record being created in the same backend workflow?

The thing that is confusing me is - why does the ‘Amount’ field remain available in a backend workflow

What do you mean when you say the ‘amount’ field is available in a backend workflow?

Available where?

I mean, when I reference as output (it is being injected into an email) the Amount shows. It should be blank.

And you’re sure you’re not logged in as an Admin user?

Read your conditional statements carefully and make sure you preview the app as a user of the app and not the admin.
Preview using any user from your app data.

@adamhholmes @tobixzybolumole I am using Run as to simulate one of the users (who is not an admin).

(All of this is because I have been creating “Unit Tests” (BE Workflows, triggered from the front end as a user, to test out some of the functionality pre/post privacy changes).)

From your initial post, I don’t see any issue there?
Find in searches simply means the database record will be visible on a search results page like repeating groups, and ticking the datafield box just means you can actually control which field you want to be visible.

Yep, that is my understanding too. Which is why this is boiling my mind. It seems very unexpected.

I am creating the Stripe Transaction record manually during the run of the Unit Test workflow. It is owned by the user I am logged in as.

Initially I thought because I was referring to “Result of Step X…” that was the reason, so I changed the action to do an actual search, first by Creator, and then by other fields. And it still acts the same.

Initially the record was blank when searched, because they were not owned by the user logged in. So I created the Stripe record to make sure, for each run of the test, whoever was logged in, there would be a Stripe Transaction.

To test the rules were working properly I then removed (unticked) various things, to prove the opposite. And this is when I got this issue.