Home | Forums | Contact | Search | Syndication  
 
 [login] [create account]   Saturday, June 20, 2026 
 slxdeveloper.com
 Community
 Members
 General
 Architect
 External
 Web
 Downloads
 Resources
6/20/2026 8:27:00 PM







 
slxdeveloper.com Community Forums  
   
The Forums on slxdeveloper.com are now retired. The forum archive will remain available for the time being. Thank you for your participation on slxdeveloper.com!
 Architect Forums - SalesLogix Scripting & Customization
Forum to discuss writing script in Architect plugins for SalesLogix & general SalesLogix customization topics (for Windows client only). View the code of conduct for posting guidelines.
Forums RSS Feed


 Back to Forum List | Back to SalesLogix Scripting & Customization | New ThreadView:  Search:  
 Author  Thread: Security bug in Saleslogix group
Rekha
Posts: 72
 
Security bug in Saleslogix group
Posted: 07 Nov 07 12:29 PM
I have a new table in which i dont have seccodeid because it is not related to account. it is entirely new module. I am making use of Createuser and have created a group like this below:

SELECT A1.C_EXPENSEID, A1.CREATEUSER, A1.field3 FROM C_EXPENSE A1 WHERE (A1.CREATEUSER IN (select userid from usersecurity where managerid in (Select UserID from USERSECURITY where ManagerId = :UserID and ISMANAGER = 'T')))

this will show all expense of subordinates... but problem is while creating groups, my table c_expense shows up. users can create a group out of base table and be able to see others expense. how to overcome this security bug?
[Reply][Quote]
Vladimir
Posts: 93
 
Re: Security bug in Saleslogix group
Posted: 08 Nov 07 1:42 AM
It is not a security bug. You can add SECCODEID field manually.
[Reply][Quote]
Rekha
Posts: 72
 
Re: Security bug in Saleslogix group
Posted: 08 Nov 07 8:46 AM
Is there any other way than adding seccodeid? What if I want to mask certain tables from users and not allow them to create group?
[Reply][Quote]
RJ Samp
Posts: 973
Top 10 forum poster: 973 posts
 
Re: Security bug in Saleslogix group
Posted: 08 Nov 07 9:11 AM
IF a user can join to the table from the SLX Query Builder and the data is on their machine/server then there is no security for that table without having SECCODEID populated and present in that table/row. It's a SLX OLE DB Provider feature.

You can HIDE fields to limit the user's ability to create groups that are linked to other tables.....you can hid Tables as well? So if you have a Cost Table linked to Product....linked to Opportunity Product linked to Opportunity.......then you can hide the ProductID field in Cost to prevent them from linking to it in the SLX Query Builder.....
and DO NOT CREATE any extra Joins, that's just a free security breaching road map for your users.

You can write your own security stuff for the OLE DB Provider in 7.2.....not for the faint of heart unfortunately.
[Reply][Quote]
 Page 1 of 1 
  You can subscribe to receive a daily forum digest in your user profile. View the site code of conduct for posting guidelines.

   Forum RSS Feed - Subscribe to the forum RSS feed to keep on top of the latest forum activity!
 

 
 slxdeveloper.com is brought to you courtesy of Ryan Farley & Customer FX Corporation.
 This site, and all contents herein, are Copyright © 2026 Customer FX Corporation. The information and opinions expressed here are not endorsed by Sage Software.
code of conduct | Subscribe to the slxdeveloper.com Latest Article RSS feed   
 
page cache (param): 6/20/2026 8:58:10 PM