Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
BedrockMission!

Learn more

View all

Sign in to view all badges

Restrict data deletion in update Data activity

vkt1989
Level 2
Level 2

We have a requirement where users should not be allowed to delete any data from the schema. We have restricted the users with 'Delete data' option in folder properties. But users are still able to delete using query & update data activity in the workflow.

 

Is there any way to restrict deletion?

 

 

9 Replies
MarcelSzimonisz
Community Advisor
Community Advisor

Hello @vkt1989 

Its not a bug its a feature. We have the same setup while on workflow i can remove the entire instance if i please.. but in the explorer i cannot remove a single thing.. maybe its a product related and not the setup itself.

 

But additional to folder restrictions you might set up the sysfilters on schemas maybe that way the update activity will throw an error
https://docs.adobe.com/content/help/en/campaign-classic/using/configuring-campaign-classic/editing-s...


Also you can add another enumeration which is used in update data where you will not add delete.

the used enumeration is in nms:workflow ---> operation type

 

<enumeration basetype="string" default="insertOrUpdate" name="operationType">
    <value label="Insert or update" name="insertOrUpdate"/>
    <value label="Insert" name="insert"/>
    <value label="Update" name="update"/>
    <value label="Update and merge collections" name="merge"/>
    <value label="Delete" name="delete"/>
  </enumeration>

 


Then  in the FORMS you will just feed different enumeration based on rights?

 

 <input xpath="@operationType"/>
<container type="visibleGroup" visibleIf="GetLinkCardinality([../@schema], @dstExpr)==0 OR @dstExpr=''">
                    <input enum="xtk:workflow:mergeType" label="Merge type" type="sysenum"
                           xpath="@operationType"/>
                  </container>

 

 

Using enableIf

https://docs.adobe.com/content/help/en/campaign-classic/using/configuring-campaign-classic/input-for...
Marcel

vkt1989
Level 2
Level 2
Hi @MarcelSzimonisz. Its mentioned in the document that 'This restriction applies only to non technical users: a technical user, with related permissions, or using a workflow, will be able to retrieve and update data.' This means Anyone with workflow activity knowledge can bypass this restrictions
MarcelSzimonisz
Community Advisor
Community Advisor

Ok i did not know, but when you second that with sysfilters on schemas it should do the job. Or not i do not see delete sysfilter in the docu

vkt1989
Level 2
Level 2
It will do the job but then again I want to restrict certain Out of the box schemas for which they mentioned 'However, Adobe recommends you not to modify the default parameters to guarantee optimal security.' This is the reason we are not modifying
MarcelSzimonisz
Community Advisor
Community Advisor

Or you can change the drop down values based on rights? Edited the answer

vkt1989
Level 2
Level 2
Hi MarcelSzimonisz, Thank you for the answer. Yes this could be one of the option to disable delete. I haven't tried it as we do not want to modify out of box schema & forms
vkt1989
Level 2
Level 2
We also identified one more risk. Even if we disable the option in 'update data' activity but still user can delete the data using Javascript activity
ChristopheProtat
Employee
Employee

Hi, On a product standpoint, the path forward to control data CRUD remains the combo folder restriction + sysfilters. Sysfilters needs to apply on each schema/table and then could impact overall queries performance. On top of this, admin users cannot be blocked. admin is by definition such level of user with total control on the instance.

Sukrity_Wadhwa
Employee
Employee

Hi @vkt1989 ,

 

Were you able to resolve this with the help that you got? Please let us know.

 

Thanks!