Expand my Community achievements bar.

Restrict data deletion in update Data activity

Avatar

Level 2

We have a requirement where users should not be allowed to delete any data from the schema. We have restricted the users with 'Delete data' option in folder properties. But users are still able to delete using query & update data activity in the workflow.

 

Is there any way to restrict deletion?

 

 

9 Replies

Avatar

Community Advisor

Hello @vkt1989 

Its not a bug its a feature. We have the same setup while on workflow i can remove the entire instance if i please.. but in the explorer i cannot remove a single thing.. maybe its a product related and not the setup itself.

 

But additional to folder restrictions you might set up the sysfilters on schemas maybe that way the update activity will throw an error
https://docs.adobe.com/content/help/en/campaign-classic/using/configuring-campaign-classic/editing-s...


Also you can add another enumeration which is used in update data where you will not add delete.

the used enumeration is in nms:workflow ---> operation type

 

<enumeration basetype="string" default="insertOrUpdate" name="operationType">
    <value label="Insert or update" name="insertOrUpdate"/>
    <value label="Insert" name="insert"/>
    <value label="Update" name="update"/>
    <value label="Update and merge collections" name="merge"/>
    <value label="Delete" name="delete"/>
  </enumeration>

 


Then  in the FORMS you will just feed different enumeration based on rights?

 

 <input xpath="@operationType"/>
<container type="visibleGroup" visibleIf="GetLinkCardinality([../@schema], @dstExpr)==0 OR @dstExpr=''">
                    <input enum="xtk:workflow:mergeType" label="Merge type" type="sysenum"
                           xpath="@operationType"/>
                  </container>

 

 

Using enableIf

https://docs.adobe.com/content/help/en/campaign-classic/using/configuring-campaign-classic/input-for...
Marcel

Avatar

Level 2
Hi @Marcel_Szimonisz. Its mentioned in the document that 'This restriction applies only to non technical users: a technical user, with related permissions, or using a workflow, will be able to retrieve and update data.' This means Anyone with workflow activity knowledge can bypass this restrictions

Avatar

Community Advisor

Ok i did not know, but when you second that with sysfilters on schemas it should do the job. Or not i do not see delete sysfilter in the docu

Avatar

Level 2
It will do the job but then again I want to restrict certain Out of the box schemas for which they mentioned 'However, Adobe recommends you not to modify the default parameters to guarantee optimal security.' This is the reason we are not modifying

Avatar

Community Advisor

Or you can change the drop down values based on rights? Edited the answer

Avatar

Level 2
Hi MarcelSzimonisz, Thank you for the answer. Yes this could be one of the option to disable delete. I haven't tried it as we do not want to modify out of box schema & forms

Avatar

Level 2
We also identified one more risk. Even if we disable the option in 'update data' activity but still user can delete the data using Javascript activity

Avatar

Employee

Hi, On a product standpoint, the path forward to control data CRUD remains the combo folder restriction + sysfilters. Sysfilters needs to apply on each schema/table and then could impact overall queries performance. On top of this, admin users cannot be blocked. admin is by definition such level of user with total control on the instance.

Avatar

Administrator

Hi @vkt1989 ,

 

Were you able to resolve this with the help that you got? Please let us know.

 

Thanks!



Sukrity Wadhwa