ACL rule output messages

ACL debugging displays ACL rule output messages at the bottom of each list and form.

The output message displays the following:
  • Context information.
  • The results of each type of ACL test.
  • Hyperlinks to the ACLs that run on the list or form.

ACL messages

Each message displays the following information:

Table 1. Message information
Message element | Description
TIME | The total time used to process this ACL rule.
PATH | Information that uniquely identifies each ACL rule, in the format <ACL rule type>/<ACL rule name>/<Operation>.
CONTEXT | The object being evaluated by the ACL rule.
RC | The return code of the ACL rule. A true value means the ACL rule passed. A false value means the ACL rule failed.
RULE | A brief summary of processors and scripts, followed by ACL results for each table-level and field-level ACL evaluation. Most ACL evaluations show an overall pass or fail result followed by a breakdown of the results for each type of ACL criteria:
  • IAccessHandler: An internal system check that uses hidden source code on the platform. It is a system security check that you cannot modify in any way. IAccessHandler can grant or deny access to a resource without evaluating ACLs. If IAccessHandler is ignored, then the ACLs are evaluated. For example, an IAccessHandler implementation is used for access checks on application resources, and this cannot be changed.

    This is available starting with the Istanbul release.

  • Roles: Verification that the user has the correct role.
  • Condition: Verification that the user passed the condition specified on the ACL rule (if any).
  • Script: Verification that the user passed the script specified on the ACL rule (if any).

ACL icons

The icons that appear show how the ACL was evaluated:

Table 2. Evaluation icons
Icon | Description
Green checkmark | Indicates the table or field passed the criteria.
Red x | Indicates the table or field did not pass.
Empty gray circle | Indicates the ACL evaluation did not need to be performed.
Blue checkmark, x, or empty circle | Indicates that the ACL was taken from a cached result of a previous ACL check. The icons mean the same as the above.
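
As an added example (not ServiceNow code or platform output), the following JavaScript models how the four checks in the RULE breakdown and the icon states in Table 2 combine into the RC value, and flags entries where the two disagree. The entry object shape, the state strings, the sample PATH values, and the rule that no evaluated criterion may fail are assumptions made for illustration.

```javascript
// Constructed model of one ACL debug entry; field names follow Table 1.
// States mirror Table 2: "pass" (green check), "fail" (red x), "skipped"
// (gray circle); a "cached-" prefix stands for the blue cached variants.
const CHECK_ORDER = ["IAccessHandler", "Roles", "Condition", "Script"];

function parsePath(path) {
  // PATH is <ACL rule type>/<ACL rule name>/<Operation>
  const first = path.indexOf("/");
  const last = path.lastIndexOf("/");
  if (first < 1 || last <= first + 1 || last === path.length - 1) {
    throw new Error("unexpected PATH: " + path);
  }
  return { type: path.slice(0, first), name: path.slice(first + 1, last),
           operation: path.slice(last + 1) };
}

function explainEntry(entry) {
  const states = {};
  let cached = false;
  for (const check of CHECK_ORDER) {
    const raw = entry.checks[check] || "skipped";
    if (raw.startsWith("cached-")) cached = true;
    states[check] = raw.replace(/^cached-/, "");
  }
  let allowed, decidedBy;
  if (states.IAccessHandler !== "skipped") {
    // The handler granted or denied access itself; ACLs were not evaluated.
    allowed = states.IAccessHandler === "pass";
    decidedBy = "IAccessHandler";
  } else {
    // Assumption: the rule passes only if no evaluated criterion failed.
    const failed = CHECK_ORDER.slice(1).find((c) => states[c] === "fail");
    allowed = failed === undefined;
    decidedBy = failed || "all criteria";
  }
  // RC should agree with the breakdown; a mismatch means a misread entry.
  return { ...parsePath(entry.path), allowed, decidedBy, cached,
           consistent: allowed === entry.rc };
}

// Constructed sample entries (not real platform output).
const SAMPLE = [
  { path: "record/incident.number/read", rc: true, checks: {
      IAccessHandler: "skipped", Roles: "pass", Condition: "skipped", Script: "pass" } },
  { path: "record/incident/write", rc: false, checks: {
      IAccessHandler: "skipped", Roles: "cached-pass", Condition: "fail", Script: "skipped" } },
];
for (const e of SAMPLE) console.log(e.path, explainEntry(e));
```

When reviewing a denied request, the `decidedBy` value points to the criterion to inspect on the linked ACL record, and `consistent: false` indicates the breakdown was transcribed incorrectly.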

Using ACL debug messages

You can perform these actions on the ACL debug output:
  • Select or clear these check boxes at the top of the debug output:
    • Security rules: Show or hide the results of the ACL checks.
    • Others: Show or hide other warnings or messages.
  • Click the name of the ACL next to any of the output messages to open that ACL record.
    Figure 1. Click the ACL link
  • Hover the cursor over any of the icons for the four ACL checks to see more information.
    Figure 2. Hover over an ACL icon