Access Controls on Incident

Joshua Cassity
Kilo Guru

I've set a read ACL on the Incident table in a personal dev instance to prevent access to any incident record where the user is NOT the caller, does not match the Caller's Department or does not match the Assignment Group's Department (custom field).

This works great.

However, our organization wants to allow the Enterprise Service Desk an exception to this rule but only to view a few main fields on an Incident such as Incident Number, Incident State, Assignment Group. This is to allow them to be able to field calls on these records to give out the proper contact information to customers - even though they really should not have visibility access to any other pieces of data on the incident form.

How would I go about writing a field level ACL on incident.number to supersede the record level constraints to the members of that specific support group? I'm finding that the row level ACL on the table is preventing the access even after I allow access to the specific fields.

1 ACCEPTED SOLUTION

veena_kvkk88
Mega Guru

Hi Joshua,

To place field level restrictions but with exceptions, you'll have to do something like this:

The following are all read ACLs:

incident.* -> same script you have that prevents access to any incident record where the user is NOT the caller, does not match the Caller's Department or does not match the Assignment Group's Department (custom field).

Then add one ACL for each field incorporating both the above conditions with an OR for users with the role for Enterprise Service Desk.


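The two read-ACL scripts the accepted answer describes, written as an added example (not code from the post or from ServiceNow itself): the record-level rule the question already has, and the per-field rule that repeats it with an OR on the Service Desk role. `current`, `gs.getUserID()`, `gs.getUser().getDepartmentID()` and `gs.hasRole()` are real ServiceNow names; the `u_department` field on the assignment group, the role name `u_enterprise_service_desk`, and the GlideElement/GlideSystem stand-ins are assumptions so the logic runs offline.

```javascript
// Added example, not the original post's code. In a real ACL the body of each
// function is the script and its result is assigned to `answer`.
// Assumed placeholders: `u_department` on sys_user_group, role 'u_enterprise_service_desk'.

// Record-level rule (the ACL the question already has): read only when the user is
// the caller, shares the caller's department, or shares the assignment group's department.
function recordReadAllowed(current, gs) {
  var userId = gs.getUserID();
  var userDept = gs.getUser().getDepartmentID();
  var isCaller = String(current.caller_id) == userId;
  // Guard against an empty department: without it a user with no department would
  // match every incident whose caller or assignment group also has no department.
  var sameCallerDept = userDept != '' && String(current.caller_id.department) == userDept;
  var sameGroupDept = userDept != '' && String(current.assignment_group.u_department) == userDept;
  return isCaller || sameCallerDept || sameGroupDept;
}

// Field-level rule for each exposed field (incident.number, incident.state,
// incident.assignment_group): the whole record rule again, OR the Service Desk role.
function fieldReadAllowed(current, gs) {
  return recordReadAllowed(current, gs) || gs.hasRole('u_enterprise_service_desk');
}

// Constructed stand-ins for a GlideElement reference and for GlideSystem (scaffolding only).
function ref(sysId, fields) {
  var el = Object.assign({}, fields);
  el.toString = function () { return sysId; };
  return el;
}
function makeGs(userId, dept, roles) {
  return {
    getUserID: function () { return userId; },
    getUser: function () { return { getDepartmentID: function () { return dept; } }; },
    hasRole: function (role) { return roles.indexOf(role) >= 0; }
  };
}

// Constructed sample incident: caller alice (HR), assigned to a group owned by Networking.
var incident = {
  caller_id: ref('user_alice', { department: ref('dept_hr', {}) }),
  assignment_group: ref('grp_network', { u_department: ref('dept_network', {}) })
};
var alice = makeGs('user_alice', 'dept_hr', ['itil']);       // the caller
var dan = makeGs('user_dan', 'dept_network', ['itil']);      // same department as the group
var bob = makeGs('user_bob', 'dept_finance', ['itil']);      // unrelated itil user
var carol = makeGs('user_carol', 'dept_desk', ['itil', 'u_enterprise_service_desk']);
```

Bob is denied by both rules, while Carol fails the record rule but passes the field rule, which is exactly the exception the answer describes.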
3 REPLIES 3

I tried to do that but only put the extra condition of the Service Desk on the specific field. Sounds like I need to put the whole script again with the extra condition.

~ J ~


I worked this approach and it worked after I also added a higher ACL to allow itil users to read the records as well. Without doing that it wouldn't even let these users open the list of incidents. Thanks for the assistance.

~ J ~