- changed status to open
Javascript after cell change not running for non-admins
We have a custom javascript that is executed after a cell change in a view widget. This javascript runs a process that then runs a TM1py script to take the text entered in the cell, and create a notation in a correlated numerical cell. The annotation uses incognito mode to record the annotation as the user running the process/changing the cell unless the user is an admin which loads the annotation with the service account.
This feature works in our non-production environment for admins and non-admins. However, in production, this is only working for admins. When a non-admin enters data in the cell, nothing else happens. But when we have the user test running the process with the same parameters, the annotation records under that user’s ID as expected.
This leads us to believe that the issue is with the javascript functionality. But we’ve confirmed the javascript is the same in both environments, and we don’t see any security layer for the javascript functionality.
Is there some reason why the javascript would not work for non-admins in our production environment?
Comments (3)
-
-
- changed status to closed
Please resubmit your request if the problem is still present.
-
- removed milestone
Removing milestone: 2023_Q1 (automated comment)
- Log in to comment
Hi Daniel, Apliqo doesn't impose any restrictions on running javascript functions. Any javascript set to run on an event should run for all users regardless of role in the TM1 server.
If it is working in one environment and not the other for non-admin users and in both environments for admin users then it sounds like you have a difference in TM1 permissions somewhere along the chain.
The execution chain does sound quite complicated. If I understood correctly:
This does seem a bit more complicated than necessary:
If a non-admin user runs the TI process directly with the correct parameters then the annotation is created. This woudl rule out a permissions issue to the TI process and to the user having the rights to update the annotations. (Still please check the user has read access to the TI process and write access to the }CellAnnotations cube.)
Have you checked in the browser developer console for both admin and non-admin users to inspect the calls being made on the network tab? Is it definite that the js function isn't called versus a failure later in the chain?