ACL blocked by before query Business Rule

sparkles
Tera Contributor

Hello,

 

I created a read ACL for the stakeholder role to be able to see requested items and catalog tasks for a specific category. I used the Access Analyzer to see why the stakeholder can't see the records and got 2 Business Rules causing the issue on requested item and another one on sc_task. Please see below the BRs causing the issues:

 

BR #1 on sc_req_item table

// if user does not have itil or any of the sn_request roles
if (!gs.hasRole('itil') && !gs.hasRole("sn_request_read") && !gs.hasRole("sn_request_write") && gs.getSession().isInteractive()) {
    //Get user sys_id and list of their groups
    var u = gs.getUserID();
    var g = getMyGroups();
    //Allow user to see records based on below query.
    //if the user is: part of the assignment group, the requested for, the created by, or is in the watch list.
    var q = current.addQuery('assignment_group', g).addOrCondition('requested_for',u).addOrCondition("watch_list", "CONTAINS", u).addOrCondition("opened_by",u).addOrCondition('request.requested_for', u);
}
 
BR #2 on sys_user_group table:
if (!(gs.hasRole("admin") || gs.hasRole("user_admin")) && gs.getSession().isInteractive()) {
  current.addQuery("active", "true");
}
 
 
BR #3 on task:
// if user does not have itil or any of the sn_request roles
if (!gs.hasRole('itil') && !gs.hasRole("sn_request_read") && !gs.hasRole("sn_request_write") && gs.getSession().isInteractive()) {
    //Only show tasks of RITM assigned to their groups.
    var u = gs.getUserID(); //Get the sys_id value of the current user
    var g = getMyGroups(); //Get the list of the current user groups
    var q = current.addQuery('request_item.assignment_group', g).addOrCondition('request_item.requested_for', u).addOrCondition("request_item.watch_list", "CONTAINS", u).addOrCondition('request_item.sys_created_by', u);
}
 
My ACL on both the RITM table and the task table is:
for users with role cat_Aud_external_change_fulfiller, and condition (cat_item.category=external change) 
 
I would really appreciate the help. I have to get it done soon.
 
Thanks,
S
1 REPLY

priyatam_pvp
Tera Guru

If modifying BRs isn’t an option, consider adding a new BR to override the restrictions for your specific role:

if (gs.hasRole('cat_Aud_external_change_fulfiller')) {
    // Remove restrictions imposed by other BRs
    current.addQuery('cat_item.category', 'external change');
}
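
Before-query Business Rule conditions are ANDed onto the query, and the read ACL is checked on top of that, so a row is shown only when it passes every rule and the ACL. The model below is an added example in plain Node.js, not code from the thread or from ServiceNow; the sample user, the records and the `br1WithOrBranch` variant are assumptions made for illustration.

```javascript
// Constructed model in plain Node.js (no ServiceNow APIs): a row is returned
// only if every before-query Business Rule condition AND the read ACL pass.
const FULFILLER = 'cat_Aud_external_change_fulfiller'; // role named in the post
const BYPASS_ROLES = ['itil', 'sn_request_read', 'sn_request_write'];

// Constructed sample user and records; ids and numbers are made up.
const stakeholder = { id: 'u1', groups: ['g9'], roles: [FULFILLER] };
const ritms = [
  { number: 'RITM001', category: 'external change', assignment_group: 'g1' },
  { number: 'RITM002', category: 'hardware', assignment_group: 'g1' },
  { number: 'RITM003', category: 'external change', assignment_group: 'g9' },
].map(r => ({ requested_for: 'u7', opened_by: 'u7', watch_list: [],
              request_requested_for: 'u7', ...r }));

const hasRole = (user, role) => user.roles.includes(role);

// BR #1 from the post as a row predicate (interactive session assumed).
function br1(user, r) {
  if (BYPASS_ROLES.some(role => hasRole(user, role))) return true;
  return user.groups.includes(r.assignment_group) || r.requested_for === user.id ||
    r.watch_list.includes(user.id) || r.opened_by === user.id ||
    r.request_requested_for === user.id;
}

// The read ACL from the post: role plus category condition.
const acl = (user, r) => hasRole(user, FULFILLER) && r.category === 'external change';

// An additional rule that only ANDs a category condition onto the query.
const categoryOnly = (user, r) =>
  !hasRole(user, FULFILLER) || r.category === 'external change';

// Hypothetical BR #1 variant: same filter plus an OR branch for role + category.
const br1WithOrBranch = (user, r) =>
  br1(user, r) || (hasRole(user, FULFILLER) && r.category === 'external change');

// Numbers of the rows that survive every check in `checks`.
function visible(user, checks) {
  return ritms.filter(r => checks.every(check => check(user, r))).map(r => r.number);
}

console.log(visible(stakeholder, [br1, acl]));               // BR #1 + ACL
console.log(visible(stakeholder, [br1, categoryOnly, acl])); // extra AND condition
console.log(visible(stakeholder, [br1WithOrBranch, acl]));   // OR branch in BR #1
```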