ACL - Delete Permissions

rebecca75
Tera Contributor

I have a BR that removes the permissions before adding new permissions on the Managed Document. However, it isn't deleting since the user doesn't have delete access.

However, I'm not sure how to update this ACL to provide delete properly...right now it's giving edit, but not sure what that line is calling and from where...

Any ideas on how to update this script to allow Edit, but then allow Delete for my script ONLY?

1 ACCEPTED SOLUTION

VigneshMC
Mega Sage

Why edit this ACL? You can create another table-level delete ACL with a condition as you like. It has to pass just one ACL per operation to allow access.

Thanks

Regardless, I'm not sure how to create it so that the script can delete records and not allow the user to do it from the UI.

Prateek kumar
Mega Sage

This is the script include that gets executed when calling this ACL. You have to make changes to the canDeleteApprovalSequence function in this script include.

https://YOURINSTANCENAME.service-now.com/nav_to.do?uri=%2Fsys_script_include.do%3Fsys_id%3Dc4b388d70a0a2ca052c7709d977fb49d%26sysparm_record_target%3Dsys_script_include%26sysparm_record_row%3D2%26sysparm_record_rows%3D11%26sysparm_record_list%3DnameSTARTSWITHdocument%255EORDERBYDESCsys_updated_on

As this is OOB, you can create a new ACL with delete access and provide the required roles to this. Or you can add all the required users to a group and make use of gs.isMemberOf('Your Group Name here') and restrict access.


Please mark my response as correct and helpful if it helped solve your question.
-Thanks

Okay, the script include is OOB, so I created a new Script Include with the same name, THDocumentManagementSecurity. This isn't working...ideas?

The script include has this:

var THDocumentManagementSecurity = Class.create();

THDocumentManagementSecurity.THcanDeleteDocumentRecord = function(document) {
  var doc = THDocumentManagementSecurity.getDocument(document.sys_id);
  return THDocumentManagementSecurity.THcanDeleteDocumentRecord(doc);
};

 

The new delete ACL for table dms_document_group_permission has this code:

answer = THDocumentManagementSecurity.THcanDeleteDocumentRecord(current.document);
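
The "just one ACL per operation has to pass" rule from the accepted solution, as an added example that is not part of the thread and is not ServiceNow code: a simplified plain-JavaScript model of table-level ACLs for dms_document_group_permission. The group name, the rule objects and the "a script that throws counts as deny" behaviour are assumptions of this model.

```javascript
// Simplified model of table-level ACL evaluation (added example, not platform code).
const TABLE = 'dms_document_group_permission';

// One rule passes only if its role check AND its script both pass.
function rulePasses(rule, user, record) {
  const roleOk = rule.roles.length === 0 ||
    rule.roles.some((r) => user.roles.includes(r));
  if (!roleOk) return false;
  try {
    return rule.script(user, record) === true;
  } catch (err) {
    // Assumption of this model: a script that throws is treated as "deny".
    return false;
  }
}

// Access is granted when at least one rule for the table/operation passes.
function canAccess(rules, table, operation, user, record) {
  return rules
    .filter((r) => r.table === table && r.operation === operation)
    .some((r) => rulePasses(r, user, record));
}

// Constructed stand-in for the existing delete ACL: its script denies.
const existingAcl = { table: TABLE, operation: 'delete', roles: [],
  script: () => false };

// Extra delete ACL limited to a group, in the spirit of gs.isMemberOf(...).
// 'Document Permission Editors' is a hypothetical group name.
const groupAcl = { table: TABLE, operation: 'delete', roles: [],
  script: (user) => user.groups.includes('Document Permission Editors') };

// A helper that calls itself, as THcanDeleteDocumentRecord does in the post
// above: it never returns a value, it only exhausts the call stack.
const helper = { check(doc) { return helper.check(doc); } };
const recursiveAcl = { table: TABLE, operation: 'delete', roles: [],
  script: (user, record) => helper.check(record.document) };

// Constructed sample users and record.
const member = { roles: [], groups: ['Document Permission Editors'] };
const outsider = { roles: [], groups: [] };
const record = { document: 'constructed-sys-id' };

function demo() {
  return {
    existingOnly: canAccess([existingAcl], TABLE, 'delete', member, record),
    withGroupAcl: canAccess([existingAcl, groupAcl], TABLE, 'delete', member, record),
    outsider: canAccess([existingAcl, groupAcl], TABLE, 'delete', outsider, record),
    recursive: canAccess([recursiveAcl], TABLE, 'delete', member, record),
  };
}
```

Because any passing rule grants the operation, the added delete ACL's own condition is the only thing limiting who can delete, so it should be as narrow as the use case allows.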