Data Privacy Rules is not working - allowing anyone to view and modify User data

Hello,
I created privacy rules for my User table. only users with certain roles can access and/or edit the data, while others cannot:

However, in a simple test, I could see that logged out users can actually see all the data (if they reach the right page) and to my surprise even modify it. My suspicion is that this bug is only limited to the User table. All other custom tables are behaving as expected.

Anyone else noticed that?

Is there a way to resolve this gap? I know I could update the UI query to address this, but I don’t think that would pass as secure, I think data (especially PII data ) should be protected in the data access level and not in the application level.

Thanks,
Eldad Mittelman

This topic was automatically closed after 14 days. New replies are no longer allowed.