- New ACLs on Change table i.e. 'change_request.conflict_status' & 'change_request.conflict_last_run' has required roles as 'nobody'.
- They were created in Rome as part of a larger Security review across the whole platform.
- There were a lot of ACLs shipped for OOB tables where the fields were being protected via Client Script or UI Policy but could be manipulated on the front-end which would save the values in the DB. These ACLs prevent that.
- The goal is to prevent anybody from manually updating these columns. Conflict Detection keeps these fields in the correct state or updated with the correct value. This shouldn't be done manually.
You can even disable the ACL if it is not required. The key here is that OOB, we ship with them the necessary security rules.