Restrictions on ALLOWED clauses
Scope: managed applications, ordinary applications.
Sometimes, when a query contains the ALLOWED clause in order to comply with the user's access rights, the query result might be invalid. To ensure that the application's business logic operates properly, it is recommended that most subsystems be granted unlimited access to the data they address.
For example, if you embed the ALLOWED clause in the queries that calculate the cost of goods sold, the resulting cost might differ for users with different access rights. In such cases, you need to maintain data integrity. To do so, either grant users the right to read all data that the query requires, or stop the query and inform the user about insufficient rights.
Analyze carefully which data is critical to the business logic. For example, if a user does not have the right to read vendors' contact details, those details will not show up in query results. However, contact details are not a part of the application's business logic, so restricting a user's access to them will not affect data integrity and validity.
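The two cases above, side by side, as an added example that is not part of the original page. All metadata names (AccumulationRegister.CostOfGoodsSold, InformationRegister.VendorContactDetails and their fields) are hypothetical.

```bsl
// Added example; every register and field name below is hypothetical.

// Business-critical calculation: no ALLOWED clause. If access restrictions
// hide any record the query needs, the platform raises an access violation
// error instead of silently returning a partial total.
Function CostOfGoodsSold(StartDate, EndDate) Export

	Query = New Query;
	Query.Text =
	"SELECT
	|	ISNULL(SUM(Cost.Amount), 0) AS Amount
	|FROM
	|	AccumulationRegister.CostOfGoodsSold AS Cost
	|WHERE
	|	Cost.Period BETWEEN &StartDate AND &EndDate";
	Query.SetParameter("StartDate", StartDate);
	Query.SetParameter("EndDate", EndDate);

	Try
		Selection = Query.Execute().Select();
	Except
		// Stop and inform the user; never fall back to a filtered result.
		Raise NStr("en = 'Cost of goods sold was not calculated. The query failed, possibly because of insufficient access rights:'")
			+ " " + BriefErrorDescription(ErrorInfo());
	EndTry;

	Selection.Next(); // an aggregate without grouping returns one row
	Return Selection.Amount;

EndFunction

// Data outside the business logic: ALLOWED is acceptable here, because
// hidden records only shorten the list shown to the user.
Function VendorContactDetails(Vendor) Export

	Query = New Query;
	Query.Text =
	"SELECT ALLOWED
	|	Contacts.Kind AS Kind,
	|	Contacts.Presentation AS Presentation
	|FROM
	|	InformationRegister.VendorContactDetails AS Contacts
	|WHERE
	|	Contacts.Vendor = &Vendor";
	Query.SetParameter("Vendor", Vendor);
	Return Query.Execute().Unload();

EndFunction
```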