Thursday, November 03, 2005
Opportunistic Search Trap Rule
If permissions checking is not bypassed, and no provider role type is supplied then the user must have permission on a data element for all role types (that they want to query), for all USED Data Sets,AND all qualifiers [only if you haven’t specified the qualifier to use – if you have then you perms only one the one you specified] (e,g. for an address) in order to use that data element as a query criterion. For example, you must have permission on the Business Contact Address City for HA1’s data and for HA2’s data in order to prevent the role type from being eliminated from the list