ACL condition script

Leonel Sandroni
Tera Guru

‎07-14-2023 05:40 AM

Hi there,

 

I have a customer requirement to accomplish. On demand records only members of child groups of the assignment group can create, edit and delete demand tasks.

LeonelSandroni_0-1689337949635.png

In the dmn_demand_task table I have modified ACLs permissions with the next condition:

LeonelSandroni_1-1689338158120.png

parent.assignment group | is (dynamic) | One of my groups

 

But unfortunately it doesn't work

Is there anyway to write this condition as script? or some another solution?

remember: child groups of the primary assignment group can edit

 

Suggestions?



 

0 Helpfuls
  • 3,267 Views
4 REPLIES 4

Ankur Bawiskar
Tera Patron
Tera Patron

‎07-14-2023 05:44 AM

@Leonel Sandroni 

use script like this

var groups = new global.ArrayUtil().convertArray(gs.getUser().getMyGroups());

if(groups.indexOf(current.parent.assignment_group) > -1)
	answer = true;
else
	answer = false;

If my response helped please mark it correct and close the thread so that it benefits future readers.

Regards,
Ankur
Certified Technical Architect  ||  9x ServiceNow MVP  ||  ServiceNow Community Leader
0 Helpfuls

Leonel Sandroni
Tera Guru
In response to Ankur Bawiskar

‎07-14-2023 06:08 AM

Thanks for that! Unfortunately it does not work 😞

0 Helpfuls

Ankur Bawiskar
Tera Patron
Tera Patron
In response to Leonel Sandroni

‎07-14-2023 07:12 AM

@Leonel Sandroni 

the script gets logged in user's group and then checks if the record's parent assignment group is one of those

that's what you were doing in the condition

Are you saying members of child assignment group of parent group can edit?

if yes then do this

var currentGroup = current.assignment_group;

var arr = [];
// get all child groups of this
var gr = new GlideRecord("sys_user_group");
gr.addQuery("parent", currentGroup);
gr.query();
while (gr.next()) {
	arr.push(gr.getUniqueValue());
}

var mem = new GlideRecord('sys_user_grmember');
mem.addQuery("group", "IN", arr);
mem.addQuery("user", gs.getUserID());
mem.setLimit(1);
mem.query();
answer = mem.hasNext();

If my response helped please mark it correct and close the thread so that it benefits future readers.

Regards,
Ankur
Certified Technical Architect  ||  9x ServiceNow MVP  ||  ServiceNow Community Leader
0 Helpfuls

Leonel Sandroni
Tera Guru
In response to Ankur Bawiskar

‎07-14-2023 07:54 AM

Yes, that's the requirement but when I talk about "assignment group" I mean assignment group of demand record so first I need to refer the assignment group field of the parent task (because I'm working with in dmn_demand_task table not in dmn_demand table) and then get the members of child groups from the primary assignment group

Should I re-define the variable as "current.parent.assignment_group" rihgt?

0 Helpfuls