ACL for assignment_group.parent members

angel_jimenez · ‎09-23-2019

Hi community!

We have a requirement to allow read access to incidents for user who opened it, are the caller of record, are on the watch list or belongs to the parent of the assignment_group.

We have the following ACL condition:

if (current.opened_by == gs.getUserID() || current.caller_id == gs.getUserID() || current.watch_list.indexOf(gs.getUserID()) > -1 || gs.getUser().isMemberOf(current.assignment_group.parent)) {answer = true;}
else {answer = false;}

But the last condition is not working (the underlined one), so user who belongs to the parent of the assignment_group are not able to read incident records.

Any idea about what is wrong on the script condition?

Regards!

Anurag Tripathi · ‎09-23-2019

Hi,

Use the last condition as below

gs.getUser().isMemberOf(current.assignment_group.parent.getDisplayValue()))

-Anurag

angel_jimenez · ‎09-23-2019

Thank you Anurag! But unfortunatelly it doesn't seems to work either...

Mohammad Nayeem · ‎09-24-2019

The parameter to pass inside the function isMemberOf() is the group name. The value of current.assignment_group.parent is the sys_id of the parent support group. So you will have to dot walk till the group name in order for this to work.

So, please use gs.getUser().isMemberOf(current.assignment_group.parent.name)

NOTE: Display Value can be configured to be just group name or combination of name and other values like Manager. So it is not recommended to use field_name.getDisplayValue() on Reference field, as group membership check requires the exact group name.

angel_jimenez · ‎09-24-2019

I've tried gs.getUser().isMemberOf(current.assignment_group.parent.name) and gs.getUser().isMemberOf(current.assignment_group.parent.name.toString()) but no luck...