BUG - API's "Ignore Privacy Rules" Setting Doesn't Appear to Work

Hey everyone…

I’m trying to get a deep understanding of how the Search and View options work when a privacy rule is set, and I’m coming across a couple of areas of behaviour I’m not expecting. @neerja, could you help me to clarify whether what I am experiencing is expected?

Here is a complete list of how my tests have worked out. The potential bugs are listed in CAPITALS.

“Find This in Searches”

  • Is being applied at the Thing level. If unset, the complete thing won’t appear in a search.

View Fields

  • is being applied at the field level. Any field not selected cannot be viewed.

A Normal Workflow

  • Can only change things that can be found in searches
  • It can change visible and invisible fields.
  • When an invisible field is changed by a workflow, it becomes visible for a moment if displayed in a text box. IS THIS A BUG?

An API Workflow set to Ignore Privacy Rules

  • Can still only change things that can be found in searches. It does not change an item that the privacy rules define cannot be found in a search.
  • Hence it is working exactly the same as a Normal workflow.
  • IS THIS A BUG?
  • If this is normal behaviour, then what is the difference between the capabilities here and in a normal workflow? What are the privacy rules that are being ignored?

(@neerja, in this post you stated that the “Ignore Privacy Rules” setting impacts the items found in a search…)

Josh also said in the security Q+A:

If you need to modify data that the current user is not allowed to see, the best approach right now is to use a scheduled API workflow with the “Ignore privacy rules when running the workflow” box checked. This will run the workflow entirely on the server without sending data to the user’s web browser, and it will remove the restrictions on searches, so that the workflow can retrieve data that the user wouldn’t otherwise be able to access.

@antony Instead of starting multiple threads, it might be helpful to submit a bug report with an actual test case.

1 Like

Hi @neerja… well I submitted a second thread in the Bugs category because you hadn’t replied to my first post in the last 4 days, and I thought maybe it should be listed under bugs instead for you to see it more easily.

I’m lead to believe we should post in the forum first, and then file a bug report when we have confirmation it is a bug… and I’m not sure if that is the case so I’m here asking your advice first!

Could you confirm if you think what I have explained is a bug, please?

Thanks! :slight_smile:

Antony.

1 Like

@antony Unexpected behavior can be due to multiple reasons. You can post back here with your takeaways for those points after we complete our review of the issue in your test app once you submit a bug report.

@neerja… so please, can you confirm for me, that with an API Workflow set to ignore privacy rules, then it should be able to search for items that the privacy rules prevent from being found in other situations?

I want to be sure my understanding is right before wasting my time and yours submitting a bug report for something that I have just not understood properly!

I thought that was the reason we have this Bugs category on the forum…

Thanks!
Antony.

@antony From the reference: Ignore privacy rules when running the workflow - A scheduled workflow runs in the context of the current user when it is scheduled. All privacy rules apply to that user. To bypass these rules and run as an admin user who has all rights to the data, check this box.

The bugs category is to quickly report and discuss bugs but it is not a replacement for a bug report.

hi @neerja… thanks for your reply. I take your reply as answering “yes” to my question.
I realise the bugs category is to discuss bugs before submitting them… that is what I am doing with you now.
I’ll submit a report!
Best wishes,
Antony.

@antony So it seems I’m not the only one having this issue, API workflows not respecting the “Ignore Privacy Rules” setting . I submitted a bug report to Bubble on April 11 being very clear about what was wrong.

Now it is 28 days later and the problem is still here. I haven’t gotten any updates from Bubble after our initial thread.

Honestly seems like our bug reports are being sent straight into a big trash pile.

2 Likes

@marcuslate Your bug report was for a recurring workflow and it is on the review list for our engineering team. It is definitely not being ignored. The error does not appear to be with ‘ignore privacy rules’ though we consider all factors for bugs.

1 Like

@neerja That review list for the engineering team must be extremely long at this point :grinning:

3 Likes

This topic was automatically closed after 14 days. New replies are no longer allowed.