Hi @Community Alums ,
you can create a deny unless read acl
as follows
Please mark my answer as helpful/correct if it resolves your query.
Regards,
Chaitanya
Hi @Community Alums ,
you don't want to see the message "Number of rows removed ..." is it?
then you can go with the query BR
(function executeRule(current, previous /*null when async*/ ) {
// Add your code here
if (gs.hasRole('itil') && !gs.getUser().hasRole(['admin' ]/* exten this array to roles you want to exlude this let's say a incident_manager also contains the itil role */ )) {
current.addQuery('state', '2');
}
})(current, previous);
with script
this will eliminate that message as the server won't send that data where state is not inprogress
query BR vs ACL
A query BR runs before the data is fetched from the server. you can put a filter when a certain condition is met (like in the case only inprogress incidents should be shown when user contains the itil role) the user request data from the server the query br runs and adds a filter the state = inprogress
Deny Unless ACL runs and after the data is fetched and evaluates whether the use have access to the data (deny unless ACL doesn't give the access to the data it just one more additional step that the user must meet the deny unless criteria first and then any one of the allow if acls should give access to the actual data)
in this the itil users already have the read access to the incident records (through OOB Allow if acls) if we have to revoke that access from the users we have to identify all the ACLs that gives access to the user and update them
with deny less we can just check that with one ACLs the users have to meet all the deny unless ACLs first if they fail at least one the access won't be provided to the specified data
Please mark my answer as helpful/correct if it resolves your query.
Regards,
Chaitanya
Hi @Community Alums ,
you can create a deny unless read acl
as follows
Please mark my answer as helpful/correct if it resolves your query.
Regards,
Chaitanya
Hi @Community Alums ,
you don't want to see the message "Number of rows removed ..." is it?
then you can go with the query BR
(function executeRule(current, previous /*null when async*/ ) {
// Add your code here
if (gs.hasRole('itil') && !gs.getUser().hasRole(['admin' ]/* exten this array to roles you want to exlude this let's say a incident_manager also contains the itil role */ )) {
current.addQuery('state', '2');
}
})(current, previous);
with script
this will eliminate that message as the server won't send that data where state is not inprogress
query BR vs ACL
A query BR runs before the data is fetched from the server. you can put a filter when a certain condition is met (like in the case only inprogress incidents should be shown when user contains the itil role) the user request data from the server the query br runs and adds a filter the state = inprogress
Deny Unless ACL runs and after the data is fetched and evaluates whether the use have access to the data (deny unless ACL doesn't give the access to the data it just one more additional step that the user must meet the deny unless criteria first and then any one of the allow if acls should give access to the actual data)
in this the itil users already have the read access to the incident records (through OOB Allow if acls) if we have to revoke that access from the users we have to identify all the ACLs that gives access to the user and update them
with deny less we can just check that with one ACLs the users have to meet all the deny unless ACLs first if they fail at least one the access won't be provided to the specified data
Please mark my answer as helpful/correct if it resolves your query.
Regards,
Chaitanya
