If you have an Inline Application, does the user need security that grants them access to it and its table(s), or does security get ‘inherited’ through whatever access the user has to the hosting application?
Inline applications are still full application models, just nested within another application. This means that data for the inline app is fetched through the “lens” of the inline app, meaning the application’s security and table’s security applies.
So you must have at least Read level access to the top-level application and table, and Read level access to the inline app and its table.
If you only had Read access to the top level application, you would be able to fetch and read those records; but, when pulling up the detail of one, you would see an error that you are not authorized to read the inline app.
The only time this doesn’t apply is when the top level application’s table, or the inline app’s table, has the Playpen security group, as this causes all security to be skipped.
1 Like