Hi everyone,
I am building a report that is accessed by a Super Admin (business user). The purpose of the report is to display which users belong to which groups.
To retrieve the group information, I am using the a!groupsForUser() function. However, when the report runs under the business user context, I receive the following error:
a!groupsForUser()
Expression evaluation error in rule at function a!groupsForUser [line 6]: The user does not have sufficient privileges to get groups for user. [User Context: ...] does not have sufficient privileges to perform the requested action.
a!groupsForUser
It appears that this happens because some users belong to restricted groups (for example Developer groups or Health Report groups) that the business user running the report does not have permission to view.
Because of this, the entire report fails instead of simply ignoring those restricted groups.
My question:
Is there a way to:
Retrieve only the groups that the logged-in user has permission to see, without the expression failing, or
Skip/ignore restricted groups when using a!groupsForUser() so the report can still run successfully?
Any suggestions or best practices for handling this scenario would be greatly appreciated.
Discussion posts and replies are publicly visible
rameshk3984 said:Retrieve only the groups that the logged-in user has permission to see, without the expression failing, or Skip/ignore restricted groups when using a!groupsForUser() so the report can still run successfully?
a!groupsForUser() cannot skip restricted groups; it throws an error if the target user is in any group the viewer cannot see.To make your report work, either run it under a system/reporting account that can see all groups, or change group visibility so your Super Admin user can view those groups.
You will either have to change the group visibility, or give that "Super Admin" enough permissions.
Or, you restrict that report to only the groups that "Super Admin" has access to. This might become relevant as soon a you have more than a single application on that environment.