I have created a standard user role where only certain entity Attributes are permitted. I have ‘Assigned only’ checked and I am disallowing all the system attributes (createTs, createdBy etc.). However, when I go to a browse page with a filter, disallowed properties still show up.
I did a test where I disallowed every attribute and then went to the filter and the attached image highlights that a bunch of attributes are still able to be filtered on.
It is a bug. We created an issue, please see the link in the right panel. Thanks for reporting it.
As a workaround you can use the exclude attribute of the filter properties tag:
<filter id="modelsFilter" datasource="modelsDs" applyTo="modelsTable">
<properties include=".*" exclude="(deleteTs)|(deletedBy)"/>
</filter>Thx. The workaround doesn’t work for nested/associated StandardEntity. If my entity A contains a field B which is also an entity, the filter above filters the excluded properties from A but they still show up when you expand B.
Also, the roles permissioning doesn’t seem to work either for excluding the entire entity. If my entity A contains a field B which is also an entity, and I hide attribute B, it still shows up in the filter. The exclude workaround does work for this use case. though.
See the following issue in our bug tracker: