Adobe Campaign Classic v7 & Campaign v8

vkt1989 · 8/17/20

We have a requirement where users should not be allowed to delete any data from the schema. We have restricted the users with 'Delete data' option in folder properties. But users are still able to delete using query & update data activity in the workflow.

Is there any way to restrict deletion?

Marcel_Szimonisz · 8/17/20

Hello @vkt1989

Its not a bug its a feature. We have the same setup while on workflow i can remove the entire instance if i please.. but in the explorer i cannot remove a single thing.. maybe its a product related and not the setup itself.

But additional to folder restrictions you might set up the sysfilters on schemas maybe that way the update activity will throw an error
https://docs.adobe.com/content/help/en/campaign-classic/using/configuring-campaign-classic/editing-s...

Also you can add another enumeration which is used in update data where you will not add delete.

the used enumeration is in nms:workflow ---> operation type

<enumeration basetype="string" default="insertOrUpdate" name="operationType">
    <value label="Insert or update" name="insertOrUpdate"/>
    <value label="Insert" name="insert"/>
    <value label="Update" name="update"/>
    <value label="Update and merge collections" name="merge"/>
    <value label="Delete" name="delete"/>
  </enumeration>

Then in the FORMS you will just feed different enumeration based on rights?

 <input xpath="@operationType"/>

<container type="visibleGroup" visibleIf="GetLinkCardinality([../@schema], @dstExpr)==0 OR @dstExpr=''">
                    <input enum="xtk:workflow:mergeType" label="Merge type" type="sysenum"
                           xpath="@operationType"/>
                  </container>

Using enableIf

https://docs.adobe.com/content/help/en/campaign-classic/using/configuring-campaign-classic/input-for...
Marcel

vkt1989 · 8/18/20

Hi @Marcel_Szimonisz. Its mentioned in the document that 'This restriction applies only to non technical users: a technical user, with related permissions, or using a workflow, will be able to retrieve and update data.' This means Anyone with workflow activity knowledge can bypass this restrictions

Marcel_Szimonisz · 8/18/20

Ok i did not know, but when you second that with sysfilters on schemas it should do the job. Or not i do not see delete sysfilter in the docu

vkt1989 · 8/18/20

It will do the job but then again I want to restrict certain Out of the box schemas for which they mentioned 'However, Adobe recommends you not to modify the default parameters to guarantee optimal security.' This is the reason we are not modifying

Marcel_Szimonisz · 8/18/20

Or you can change the drop down values based on rights? Edited the answer

vkt1989 · 9/1/20

Hi MarcelSzimonisz, Thank you for the answer. Yes this could be one of the option to disable delete. I haven't tried it as we do not want to modify out of box schema & forms

vkt1989 · 9/1/20

We also identified one more risk. Even if we disable the option in 'update data' activity but still user can delete the data using Javascript activity

ChristopheProtat · 10/11/20

Hi, On a product standpoint, the path forward to control data CRUD remains the combo folder restriction + sysfilters. Sysfilters needs to apply on each schema/table and then could impact overall queries performance. On top of this, admin users cannot be blocked. admin is by definition such level of user with total control on the instance.