Confused by ACL entry description


I’ve been given the following ACL entry:

   canUpdate: true,
   canRemove: true,
   canModifyAcl: true,
   member: { id: 'ManagerGroup' }

In the description of this ACL entry it is claimed the ManagerGroup can read the record – because read access is implicitly granted – and that the CustSvcGroup can update/remove/modifyAcl the record.

I don’t see how CustSvcGroup is granted access to perform those actions. It is not mentioned in this ACL entry at all.

Therefore was a mistake made in the description of this ACL? Or was a mistake made in the ACL?


Can you post the definition of the CustSvcGroup admin group?
Note that If this group contains ManagerGroup as a subgroup then it will inherits all its permissions and ACLs.

  "id": "CustSvcGroup",
  "name": "CustSvcGroup",
  "groups" : [
    {"id" : "ManagerGroup"},
    . . .
  "roles": [
    { "id" : "..."},
    . . .


I do not have the definition of CustSvcGroup … just the above, and the claim about it.


Do you have the access to the console on the environment where this AdminGroup is defined?
If so then you can have a look to its definition with

  • c3Grid(AdminGroup.get('CustSvcGroup')) if CustSvcGroup is the id,
  • c3Grid(AdminGroup.fetch({filter: Filter.contains('name', 'CustSvcGroup')})) otherwise