Filter search condition showing disallowed attributes

I have created a standard user role where only certain entity Attributes are permitted. I have ‘Assigned only’ checked and I am disallowing all the system attributes (createTs, createdBy etc.). However, when I go to a browse page with a filter, disallowed properties still show up.

I did a test where I disallowed every attribute and then went to the filter and the attached image highlights that a bunch of attributes are still able to be filtered on.

filter condition

1 Like

It is a bug. We created an issue, please see the link in the right panel. Thanks for reporting it.

As a workaround you can use the exclude attribute of the filter properties tag:

<filter id="modelsFilter" datasource="modelsDs" applyTo="modelsTable">
        <properties include=".*" exclude="(deleteTs)|(deletedBy)"/>        

Thx. The workaround doesn’t work for nested/associated StandardEntity. If my entity A contains a field B which is also an entity, the filter above filters the excluded properties from A but they still show up when you expand B.

Also, the roles permissioning doesn’t seem to work either for excluding the entire entity. If my entity A contains a field B which is also an entity, and I hide attribute B, it still shows up in the filter. The exclude workaround does work for this use case. though.

:ticket: See the following issue in our bug tracker: