XOG / REST API create of Custom Object Instances Best Practices on Instance Rights / assignInstanceRights
search cancel

XOG / REST API create of Custom Object Instances Best Practices on Instance Rights / assignInstanceRights

book

Article ID: 385484

calendar_today

Updated On: 01-10-2025

Products

Clarity PPM SaaS Clarity PPM On Premise

Issue/Introduction

XOG / UI create of Custom Object Instances would insert redundant Instance Object Rights for admin user

Creating a custom object instance seems to always also create instance rights, without a regard whether or not the resource has already Global rights on the object. This may end up creating many redundant instance rights for the admin user if XOG is used for large data inserts.

STEPS TO REPRODUCE:

  1. With an admin user, connect to Clarity – Administration – Objects – create a new custom object with API Alias
  2. Now grant full Global access rights over this object to this admin user
  3. Log out and log back in
  4. Perform the below actions with the same user and check table CMN_SEC_ASSGND_OBJ_PERM after each action:
    • Create a new instance in Clarity Classic
    • Create a new instance in Clarity MUX
    • XOG in a new instance 

Expected Results: Because this is an admin user with global rights, instance permission entries should not be added in CMN_SEC_ASSGND_OBJ_PERM

Actual Results: 2 entries are added every time a new object instance is created. If you open the admin user in Administration – Resources, and go to Resource – Access Rights - Instance – you can see instance rights were added for this object

Environment

All Supported Clarity Releases

Cause

Reviewed as DE161381

Resolution

Works as Designed. Bulk custom object records can be created without adding the instance rights using a XOG or API flag 'assignInstanceRights'. Refer to online documentation for more details.

  • Prior to 15.9.3, Classic & MUX actions always creates the instance right. We kept this as the default behavior because we did not want to disrupt existing customers expectations. 
  • By Default, the API and XOG also automatically adds the instance right. 
  • The API and XOG now has a 'flag' that allows creation of the custom object record without adding the instance right.  
  • The user that does the API or XOG updates must covertly add in the flag to turn off (set it to false) the creation of the instance right when the record is created. 
    • API and XOG flag --> assignInstanceRights  (set to false) 
    • By default if this flag is not present, it is assumed true. 

Best Practices: 

  • For any custom XOGs or GEL scripts that insert custom object instances, include assignInstanceRights  as in the example:
    <instance instanceCode="My Test Object Instance" objectCode="test_object" assignInstanceRights="false">
  • For any custom REST API calls to insert custom object instances, include 
    "assignInstanceRights" : false
Powered by Wolken Software