Row Permission Filter should not return data when the check errors

Question

Row Permission Filter should not return data when the check errors

Closed this issue 3 months ago · 2 comments

If permission checking errors while performing the check, it is essential that data is hidden incase the user does not have the correct permission to view that data. This is an important security feature.

Currently default behavior for all filter is that if it errors, just don't apply the filter

Answer 1 · 2024-07-01T11:38:57.000Z

One option is to enforce it within the RowPermissonFilter so if there is any exception, return empty primary keys.
Then need to review how it works when RowPermissonFilter is used with another filter and the second filter throws exception.

Need to review how this work for virtualised table

Answer 2 · 2024-08-13T14:41:01.000Z

In case of an exception, i would not return empty primary keys but rather skip the particular key that throws exception and continue processing