ARSXML update permission query restriction

[teera_aoo]

I'm during try update query restriction by arsxml.

USER1 has permission to view application group AG1 but no query restriction configured at first time.
So, I export xml by arsxml export will have output xml something like this:

<onDemand xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
   <applicationGroup name="AG1" ... >
      <field name ... >
      <permission user="USER1" adminAuthority="true" lvAuthority="true" accessAuthority="true" docViewPerm="true" docAddPerm="true" docUpdatePerm="false" docDeletePerm="true" docPrintPerm="true" docCopyPerm="true" docHoldPerm="true" docCFSODPerm="true" docFTIPerm="true" annotViewPerm="true" annotAddPerm="true" annotDeletePerm="false" annotUpdatePerm="false" annotCopyPerm="true" />
       ....
   </applicationGroup>
</onDemand>

-- Then I have edit to --

<onDemand xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
   <applicationGroup name="AG1" ... >
      <field name ... >
      <permission user="USER1" adminAuthority="true" lvAuthority="true" accessAuthority="true" docViewPerm="true" docAddPerm="true" docUpdatePerm="false" docDeletePerm="true" docPrintPerm="true" docCopyPerm="true" docHoldPerm="true" docCFSODPerm="true" docFTIPerm="true" annotViewPerm="true" annotAddPerm="true" annotDeletePerm="false" annotUpdatePerm="false" annotCopyPerm="true"  queryRes="br_code = '001'" />
       ....
   </applicationGroup>
</onDemand>

When I execute arsxml command, it's not updated anything in permission:
arsxml  -hlocalhost -uadmin -ppassword -i update_perm.xml  -v -x -ecu

...
ARS7709I Adding applicationGroup-permission, AG1-USER1
ARS7743E A permission object named 'USER1' already exists.
ARS7761I Add of applicationGroup-permission, USER1-USER1 failed.

 -- Then I tried 'task="update"' inside xml tag, still no luck --
      <permission user="USER1" task="update" adminAuthority="true" lvAuthority="true" accessAuthority="true" docViewPerm="true" docAddPerm="true" docUpdatePerm="false" docDeletePerm="true" docPrintPerm="true" docCopyPerm="true" docHoldPerm="true" docCFSODPerm="true" docFTIPerm="true" annotViewPerm="true" annotAddPerm="true" annotDeletePerm="false" annotUpdatePerm="false" annotCopyPerm="true"  queryRes="br_code = '001'" />

But something changed in message ...

ARS7755E The permission object named 'USER1' can not be updated unless the parent object is also being updated.

Can anyone suggest solution to me?

[Justin Derrick]

You need to specify the Application Group or User Group that you want to apply that query restriction to.

As a matter of good governance, all permissions should be administered at the Group level, and users added to and removed from Groups in order to grant or restrict or deny access/permissions.

-JD.

[teera_aoo]

You need to specify the Application Group or User Group that you want to apply that query restriction to.

As a matter of good governance, all permissions should be administered at the Group level, and users added to and removed from Groups in order to grant or restrict or deny access/permissions.

-JD.

Yes, although I specified the group, I still cannot update the query restriction using the arsxml command.

...
  <applicationGroup name="AG1" ... >
     <permission group="GROUP"  ....... queryRes="br_code = '001'" />
...