How to debug a permissions error?

SilentNight · Post by **SilentNight** » Sun Jan 22, 2023 9:41 am

Under Server-Events -> Table-Specific -> Row_Updated and Row_Updating is custom code to manipulate data while a user is trying to save it to the database.

The code in there was tested with an administrator account. On the administrator account Master/Detail Edit works as it should but on a a non-admin sales account trying to save a Master/Detail Edit results in a failure binging the client to the Master/Detail View page with a generic red toast notification that says Error No Records Found.

Sadly there is nothing notable logged to the client console, the server console, or in the server logs.

I put a Log("Row_Updating"); and a Log("Row_Updated"); at the top of their respective sections and Row_Updating is logged but Row_Updated isn't. This led me to believe the error is somewhere in Row_Updating but I also put one at the bottom of Row_Updating and it was logged as well. This leads me to believe everything in Row_Updating is running fine and the failure is located elsewhere but I don't know where to look. Is there anything that could be between Row_Updating and Row_Updating?

Is there a better way to debug this?

mobhar · Post by **mobhar** » Sun Jan 22, 2023 12:34 pm

You may post your code for more discussion.

SilentNight · Post by **SilentNight** » Tue Jan 24, 2023 4:53 pm

I found out about Advanced Settings -> Log SQL to File and noticed the output was rolling back right after this line:

SELECT * FROM QuoteDetails WHERE `QuoteDetailsID` = 1427 AND `QuoteID` IN (12,27,168,169,170,171,173,174,175,176,177,179,181,182,313,436,437,509,513,521) AND `QuoteID` IN (12,27,168,169,170,171,173,174,175,176,177,179,181,182,313,436,437,509,513,521)

When editing the record successfully on an admin account the equivalent line instead looked like this:

[2023-01-24T03:19:39.693611-05:00] log.DEBUG: SELECT * FROM QuoteDetails WHERE `QuoteDetailsID` = 1431 {"params":[],"types":[],"executionMS":0.04360795021057129} []

The part " AND QuoteID IN " was missing on the successful one.

This made me think about how I had User ID security enabled for Quotes without the Allow View All permission.

Checking Allow View All would make this work properly but I didn't want salesmen seeing each other's quotes so instead I removed User ID security for this table entirely and instead implemented a table filter under Table Options -> General -> Filter:

"`Employee` = " . CurrentUserID()

This works well however now I'm confused about how PHPMaker permissions apply within custom scripts. Based on what I know now it seems like User ID permissions do apply but User Level permissions don't? I'd like confirmation on this.

arbei · Post by **arbei** » Wed Jan 25, 2023 2:20 pm

User Level Security is table level (e.g. if the user can access the Edit page). User ID Security is record level (e.g. if the user can access a particular record). If you have enabled both and you want to allow Master/Detail-Edit, make sure the user has table level Edit permission for BOTH the master and the detail table, and User ID permission to access BOTH the master and detail records.