ACL advanced script so that User with role-X can view records that he or his "Group members" created.
09-05-2021 06:54 PM
I would like to place "Data Table from Instance Definition" widget in CSM Portal that shows records of a custom table which is extended from Case [sn_customerservice_case] table.
What I need to achieve is to limit user's access to that table (records) as below:
- User with role-A can view only records that he created.
- User with role-X can view records that he or his Group members* created.
*Group members mean the users who belong to the same Group (sys_user_group) as the logged-in user.
- User with admin role can view all the records
I think this can be achieved by creating ACL with advanced script, but not sure how to write that.
Could you please give me the sample script for this? Or, if there is a better way, please let me know.
Best Regards,
Aki

09-06-2021 02:58 AM
You can use the below script for that.
// Groups the logged-in user belongs to
var mygroups = gs.getUser().getMyGroups();
var memarr = [];
// Collect the user_name of every member of those groups
var mem = new GlideRecord('sys_user_grmember');
mem.addQuery('group', 'IN', mygroups);
mem.query();
while (mem.next()) {
    memarr.push(mem.user.user_name + '');
}
var uniqueMem = new ArrayUtil().unique(memarr);
// sys_created_by stores the creator's user_name
if (uniqueMem.indexOf(current.getValue('sys_created_by')) > -1)
    answer = true;
Hope it helps.
If I helped you to resolve your query with my answer, then I would really appreciate it if you could mark my answer correct and helpful, so that it can be moved to the answered list and be helpful for future readers.
Regards,
Ujjawal
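
The three read rules from the question, modelled in plain JavaScript so they can be checked against a test matrix before being ported to ACL scripts. This is an added example, not code from either poster or from ServiceNow; `canRead`, `groupPeers`, `MEMBERSHIPS` and the user and group names are hypothetical, constructed values.

```javascript
// Constructed rows shaped like sys_user_grmember: one row per (group, user) pair.
const MEMBERSHIPS = [
  { group: 'grp_support', user: 'alice' },
  { group: 'grp_support', user: 'bob' },
  { group: 'grp_billing', user: 'bob' },
  { group: 'grp_billing', user: 'carol' },
];

// user_name of everyone who shares at least one group with userName.
// Membership is not transitive: alice and carol both share a group
// with bob, but not with each other.
function groupPeers(userName, memberships) {
  const myGroups = new Set(
    memberships.filter(m => m.user === userName).map(m => m.group));
  return new Set(
    memberships.filter(m => myGroups.has(m.group)).map(m => m.user));
}

// Returns true when the user may read the record. Default is deny.
function canRead(user, record, memberships) {
  const creator = record.sys_created_by; // holds a user_name, not a sys_id

  // admin: all records
  if (user.roles.includes('admin')) return true;

  // role-X: own records, or records created by a member of a shared group.
  // The explicit own-record check covers a role-X user who is in no group.
  if (user.roles.includes('role-X')) {
    if (creator === user.name) return true;
    if (groupPeers(user.name, memberships).has(creator)) return true;
  }

  // role-A: own records only
  if (user.roles.includes('role-A') && creator === user.name) return true;

  return false;
}
```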
09-07-2021 09:23 PM
Hi Ujjawal,
Thank you for the script, but it looks like it's not working.
I set 2 ACLs as per your instruction.
(1) ACL to allow user with role-A to view only records that he created.
=> I created the ACL as the first screenshot you added.
(2) ACL to allow user with role-X to view records that he or his Group members* created.
=> I set the advanced script you gave me.
For (1), it worked properly and the logged-in user can only see his own records.
However, for (2), it's not working and even the user with role-X can only see the records that he created.
Could you please check your script again and help me with troubleshooting?
09-09-2021 06:45 AM
Hi
Sorry to ask you again, but could you please review and modify your script?
We are almost there and need your help.