Webhook Security Filter Order of Operations

PCV_Tech · 09-03-2023 03:50 PM

I have a security filter on a table that says "specificuseremail@gmail.com has access to these rows"

i have an edit webhook that has the RunAsUserEmail property set to that email with the Bypass turned OFF, in this webhook is start expression that finds specific rows to act on. Now as an example;

With that security filter this webhook expression should find 2 rows

Without that Security Filter this webhook expression would find 5 rows

What ends up happening is the expression finds 5 rows and the webhook errors out with a 404 not found because the edit can not be applied to a row that it Now does not see, making it seem like the security filter gets applied after the initial "find all applicable rows" part of the webhook.

Now the reason behind why i went down this rabbit hole is irrelevant to the main question, which is Why can the webhook select from all the rows initially but upon edit the security filter finally says no?

* I say irrelevant because my logic behind accomplishing the task this way might be completely wrong, so now I'm just curious

WillowMobileSys

@PCV_Tech wrote:

i have an edit webhook that has the RunAsUserEmail property set

I am not familiar with this setting. Where is it?

@PCV_Tech wrote:

with the Bypass turned OFF,

This does mean that the Security Filter WILL be applied to the Bot so if only 2 rows are relevant to the current user, only 2 rows will be available. to make all rows available to the Bot, turn the Bypass ON.

Also, FYI, be aware, that it is possible to create a Security Filter such that when a user enters a row it does not meet the Security Filter restrictions and is filtered out on the next data update. In these cases, you might see the rows appear briefly in the app until the data update is applied and then they seemingly disappear.

PCV_Tech

Sorry yes it is my intent that only those 2 rows would be dealt with so the Bypass being Off is correct.

You are right if the webhook was triggered via data change under that user it would work exactly as you describe, however in this case I have it run on a schedule but the Security filter seems to apply only once the edit takes place. I know this because the Webhook response rows includes the rows that should have been filtered out.

WillowMobileSys

Be aware that Scheduled automations run on the server under the App Creator account. There is no concept of "app user" context for these Bots.

Now that I am thinking of it, I am not exactly sure how user-based Security Filters would apply in this context.

PCV_Tech

Ok Fair Enough

The run as useremail property does make it seem like we should be able to select the user for the automation regardless of how its triggered, but perhaps I am wrong.

Regardless of their intent it seems like it has an effect, just at an odd time.

WillowMobileSys

@PCV_Tech wrote:

The run as useremail property does make it seem like we should be able to select the user for the automation regardless of how its triggered, but perhaps I am wrong.

Maybe? Where is this property? I have been searching for it and have yet to find it. Maybe its a new feature I don't have access to yet?