Trigger a bot on tables with securitiy filters

APP_Account · 11-09-2021 04:07 AM

Hello,
I have a bot which is supposed to update a timestamp in a table and eventually there are columns with formula to calculate data from another table. Both tables have security filters based on userID. when I manually activate timestamp change action with a button by various users it works fine and data is calculated for each user individually, but when I put it on schedule, all individual users get results based on the selection by user= admin. Am I missing something? I though bots would be triggered for each individual user and calculate data for each individual user when security filters are set so?
I really tried all kinds of possibilities and got stuck with this.
thanks for any response.
Dmitrij

Marc_Dillon

A schedule Bot is run by the server.

APP_Account

Hi Marc,

Thanks for feedback

This means no security filters are working and each formula needs to make a selection for each user?

Marc_Dillon

If your Security Filters are based on the user, then no, they won’t work when something is being processed by the server.

I don’t know what you mean by this. You may need to provide more details about what you’re trying to do.

SkrOYC

An screenshoot could help

APP_Account

Table USERS:

Bot UPDATE USERS. With update for each row

When security filter is empty - all lines update timestamp and recalculate to the same RP,AP and TP

When security filter is [id]=USEREMAIL() - only first row is updated (see different timestamp on the screenshot)

The goal is that when a bot updates timestamp each row updates RP,AP and TP taking into account security filters. Values in RP, AP and TP are different for each row. This has been manaully checked.
Moreover, if I only test timestamp update via action button accessing app as a different users - all calculations take place correct. E.g. update made fro 3rd row accessing app with useremail stated in [ID] column of 3rd row:

Marc_Dillon

Does the first row’s [id] value happen to be the same as the email address of the app owner? I believe when the server processes something, USEREMAIL() returns as the owner’s email. In such a case, your Security Filters would prevent the server from seeing the other 2 rows. Probably a perfect case for usage of the “Bypass Security Filter?” setting in your Event. Unless your calculations themselves also use USEREMAIL(), but perhaps that could be changed to just using the [id] value.

BTW, you forgot to redact the email addresses in your 3rd screenshot.

SkrOYC

I’ve found this:

Reports Run as the App Owner

When your Report is run by the scheduler, the Report runs under the identity of the application owner.

If you use a Security Filter, it must allow the application owner to read all records used by the Report. For example, if the application owner is AppOwner@business.com, your security filter might be:
OR(
  USEREMAIL()=AppOwner@business.com,
  USEREMAIL()=table[UserID]
)
This security filter allows the application owner to read all records, while individual users can only see their own records.

In this scenario, it is useful to have a ‘dummy’ account on which the applications are hosted; the dummy account would never actually interact with the apps beyond creating them.

I guess it applies to bots

WillowMobileSys

Reports are Scheduled Bots

SkrOYC

I mean Bots is the new thing under Automation that replaces Workflows and Reports. The reference to the docs are for the old thing but I think it should apply in this case

APP_Account

Thank you, it seems to me this clarifies my issue. I will rework my setup and give a feedback in this thread

APP_Account

Marc,

thanks for comments. It seems you are showing wright direction. I am changing formulas to introduce [ID]. Will give a feed back later on

1minManager

I think the answer might be that when a scheduled bot runs, UserEmail() = NULL. So alot of formulas which reference this will fail or act odd

APP_Account

Hi Simon. Thanks for swift reply. Is it mentioned somewhere in documentation that bots are running above security filters?

1minManager

Thats an option in the bot, but its not on by default