ACL advanced script so that User with role-X can view records that he or his "Group members" created.

Aki17
Kilo Guru

I would like to place the "Data Table from Instance Definition" widget in the CSM Portal to show records of a custom table which is extended from the Case [sn_customerservice_case] table.
 
What I need to achieve is to limit user's access to that table (records) as below:
 - User with role-A can view only records that he created.
 - User with role-X can view records that he or his Group members* created.
  *Group members mean the users who belong to the same Group (sys_user_group) as the logged-in user.
 - User with admin role can view all the records
 
I think this can be achieved by creating an ACL with an advanced script, but I am not sure how to write that.
Could you please give me the sample script for this? Or, if there is a better way, please let me know.
 
Best Regards,
Aki
 


Upender Kumar
Mega Sage

Create an ACL and, in the Advanced section, write this script:

answer = false;
// Grant read only when the user holds the role and created the record
if (gs.hasRole('role_name') && current.sys_created_by == gs.getUserName()) {
    answer = true;
}

Hi Upender,

Thank you for your reply, but I think it's only for the first condition below.

Could you add the conditions to the script for the second and third one as well?

 - User with role-A can view only records that he created.
 - User with role-X can view records that he or his Group members* created.
  *Group members mean the users who belong to the same Group (sys_user_group) as the one who created the record.
 - User with admin role can view all the records

Ujjawal Vishnoi
Mega Sage

Hi Aki,

Try the ACL below, with no code.

[Two screenshots of the ACL configuration; images not available]

 

Hope it helps.

 

If my answer helped you resolve your query, I would really appreciate it if you could mark it correct and helpful, so that it can be moved to the answered list and be helpful for future readers.

Regards,
Ujjawal

Hi Ujjawal,

Thank you for your comment, but "[Opened by] [is (dynamic)] [One of my Assignments]" means the delegated users, correct?

If so, I don't want to define the user delegation. I just need to give the logged-in user with role-X read access to the records that he or his Group members* created.
  *Group members mean the users who belong to the same Group (sys_user_group) as the logged-in user.

I believe that an advanced script in the ACL is required for this, so could you please advise me on how to write that?
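
Added example (not posted by anyone in this thread): one way to express all three rules from the question in a single read ACL script, using the standard server-side `gs` and `GlideRecord` calls. The function name `canReadRecord` and the role names `role_a` and `role_x` are hypothetical stand-ins for role-A and role-X, and "created" is judged by `sys_created_by`, as in the script posted above.

```javascript
// Added example. canReadRecord, 'role_a' and 'role_x' are hypothetical names;
// gs and GlideRecord are passed in so the logic can also be exercised off-instance.
function canReadRecord(current, gs, GlideRecord) {
    // Rule 3: admin reads everything.
    if (gs.hasRole('admin')) {
        return true;
    }

    // sys_created_by stores the creator's user_name, not a sys_id.
    var creator = String(current.getValue('sys_created_by'));

    // Rule 1 (and the "he" half of rule 2): the user's own records.
    if (creator === gs.getUserName()) {
        return gs.hasRole('role_a') || gs.hasRole('role_x');
    }

    // Everything below is the group-member half of rule 2.
    if (!gs.hasRole('role_x')) {
        return false;
    }

    // Groups the logged-in user belongs to.
    var groups = [];
    var mine = new GlideRecord('sys_user_grmember');
    mine.addQuery('user', gs.getUserID());
    mine.query();
    while (mine.next()) {
        groups.push(mine.getValue('group'));
    }
    if (groups.length === 0) {
        return false; // no groups: an empty IN list must not match anything
    }

    // Is the creator a member of at least one of those groups?
    var peer = new GlideRecord('sys_user_grmember');
    peer.addQuery('user.user_name', creator);
    peer.addQuery('group', 'IN', groups.join(','));
    peer.setLimit(1);
    peer.query();
    return peer.hasNext();
}

// In the ACL's Script field, after the function:
//   answer = canReadRecord(current, gs, GlideRecord);
```

The default is deny: any path that does not match a rule returns false. If the table tracks the creator in a reference field such as Opened by, compare against `gs.getUserID()` and query `sys_user_grmember` on `user` instead of `user.user_name`.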