I am wondering what the difference is between user groups and ACL. Would you typically use one above the other in certain situations. What are some advantages and disadvantages for both approaches also with regards to application security.From Outsystems documentation: "In OutSystems, the recommendation is to use OutSystems user roles to restrict or allow end users to access specific screens and operations of your application. However, user roles shouldn’t be used if you want to set up a hierarchical permission control to your application data. To guarantee a scalable and dynamic data segregation per business requirement the recommendation is to build ACL."(https://success.outsystems.com/documentation/best_practices/architecture/use_access_control_list_to_set_up_permission_based_access_to_data/)
I find this explanation a bit difficult to understand without examples.
Hi,
The URL of the documentation does contain an example, but maybe this older conversation on the same topic helps?
https://www.outsystems.com/forums/discussion/62557/are-you-using-access-control-lists-acl-in-your-outsystems-apps/
Regards,
Daniel
Hi, I have seen the example for querying data with ACL but I'm still unsure in which situation you would rather use ACL than user roles. As far as I have understood, you would use ACL if you have nested/hierarchical user controls but the advantages and disadvantages of both approaches are not quite clear to me.
I also checked out the other post that you linked.