ACL change request vs. conflict calendar

Kub · ‎05-14-2025

Hey,

I have a requirement to block read and write access on some conditions. For example, block read access to change request when the user is not in the assignment group (on the change request). I created a 2 scripted ACLs and they broke the conflict calendar. I keep getting the error message "Invalid data found while accessing the Change Request Calendar". What would be the suggested approach? Should I restrict read to the change records at all? How to do it so that it doesn't break the conflict calendar?

The script of my read ACL on change request:

// By default, no access
answer = false;

// Get user
var user = gs.getUserID();


// 1. Requested by
if (current.requested_by == user) {
    answer = true;
}

// 2. Assignment group
if (current.assignment_group && gs.getUser().isMemberOf(current.assignment_group.name)) {
    answer = true;
}

// 3. Approvers
var gr = new GlideRecord('sysapproval_approver');
gr.addQuery('approver', user);
gr.addQuery('document_id', current.sys_id);
gr.addQuery('state', '!=', 'cancelled'); // only active approvers
gr.query();
if (gr.hasNext()) {
    answer = true;
}

// 4. Watchers custom list collector field on change request
if (current.u_watcher && current.u_watcher.split(',').indexOf(gs.getUserID()) !== -1) {
    answer = true;
}
// 5. Change managers
if (gs.hasRole("change_manager")) {
    answer = true;
}
// 6. Change task assginment group
var taskGr = new GlideRecord('change_task');
taskGr.addQuery('change_request', current.sys_id);
taskGr.addNotNullQuery('assignment_group');
taskGr.query();

while (taskGr.next()) {
    if (gs.getUser().isMemberOf(taskGr.assignment_group.name)) {
        answer = true;
    }
}

Kub · ‎05-21-2025

I was missing this in my read ACL: