08-10-2025 06:04 AM - edited 08-10-2025 06:06 AM
Here is the requirement:
1. Here is the code snippet ACL I have created for change_request table
var loggedInUser = gs.getUser().getCountry();
var callerCountry = current.requested_by.country;
var locationCountry = current.cmdb_ci.location.country;
if (loggedInUser == 'BBB' || loggedInUser == 'CCC') {
    if (callerCountry == 'AAA' && locationCountry == 'AAA') {
        answer = false;
    } else {
        answer = true;
    }
} else {
    answer = true;
}
2. I need to build the same ACL for "Problem" but the requirement states:
For Problem records, the restriction is based on two checks:
(i) If the "first_reported_by_task" field is populated and refers to an Incident record, check the caller_id.country of that Incident.
(ii) If the "first_reported_by_task" is not populated, check the opened_by.country on the Problem record.
If either country value is "AAA", users from countries "BBB" or "CCC" should not be able to view the record.
I tried using the same logic as change by dot-walking, but still access is granted. Please help me with this!
08-11-2025 08:25 AM
Hello, could you please try below and share the outcome?
// Get the logged-in user's country
var loggedInUserCountry = gs.getUser().getCountry() + '';
// List of restricted countries
var restrictedCountries = ['BBB', 'CCC'];
// Default allow
answer = true;
// Only apply restriction if user is from restrictedCountries
if (restrictedCountries.indexOf(loggedInUserCountry) > -1) {
    var blockAccess = false;
    var frbt = current.first_reported_by_task;
    if (frbt && frbt.sys_class_name == 'incident' && frbt.caller_id.country.toString() == 'AAA')
        blockAccess = true;
    // No first_reported_by_task → check opened_by country
    else if (current.opened_by.country.toString() == 'AAA')
        blockAccess = true;
    if (blockAccess)
        answer = false;
}
Regards,
Nishant
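
The decision logic of the script above, modeled in plain JavaScript so it can be exercised outside the platform (an added example, not part of the original post and not ServiceNow code). `canReadProblem`, `decisionTable` and the record objects are hypothetical, and `new String('CCC')` is an assumed stand-in for a getter that returns a string-like object instead of a primitive, the case a `+ ''` coercion handles.

```javascript
// Added example: the Problem read-ACL decision as a pure function.
// Records are constructed plain objects, not GlideRecords.
const RESTRICTED_VIEWERS = ['BBB', 'CCC'];
const PROTECTED_COUNTRY = 'AAA';

// coerce=true converts the viewer country to a primitive string before the
// array lookup; coerce=false passes it through unchanged.
function canReadProblem(userCountry, problem, coerce = true) {
  const viewer = coerce ? userCountry + '' : userCountry;
  // Array.prototype.indexOf compares with ===, so a String object never
  // matches the primitive 'CCC' and the restriction would be skipped.
  if (RESTRICTED_VIEWERS.indexOf(viewer) === -1) return true;

  const task = problem.first_reported_by_task;
  if (task && task.sys_class_name === 'incident' &&
      String(task.caller_id.country) === PROTECTED_COUNTRY) {
    return false;
  }
  // Reached when the task is empty, is not an incident, or its caller is
  // not in the protected country: fall back to opened_by.
  return String(problem.opened_by.country) !== PROTECTED_COUNTRY;
}

// Constructed sample records.
const viaIncident = {
  first_reported_by_task: { sys_class_name: 'incident', caller_id: { country: 'AAA' } },
  opened_by: { country: 'DDD' },
};
const viaOpenedBy = { first_reported_by_task: null, opened_by: { country: 'AAA' } };
const unrelated = { first_reported_by_task: null, opened_by: { country: 'DDD' } };

function decisionTable() {
  const objectCountry = new String('CCC'); // assumed non-primitive getter result
  return {
    cccIncidentAAA: canReadProblem('CCC', viaIncident),
    bbbOpenedByAAA: canReadProblem('BBB', viaOpenedBy),
    cccUnrelated: canReadProblem('CCC', unrelated),
    dddIncidentAAA: canReadProblem('DDD', viaIncident),
    objectCoerced: canReadProblem(objectCountry, viaOpenedBy, true),
    objectUncoerced: canReadProblem(objectCountry, viaOpenedBy, false),
  };
}

console.log(decisionTable());
```

The `objectUncoerced` row is the fail-open case: the lookup misses, the default `true` stands, and a restricted viewer reads a protected record.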
08-10-2025 06:33 AM
Hi,
Some ideas - is the location and country populated for test users? There should be fallback in the ACL for a scenario when user doesn't have that value populated...
And for the field Country, the field is country_code - is the value evaluated properly?
loggedInUser == 'BBB' || loggedInUser == 'CCC'
versus
loggedInUser == 'sys_id_of_BBB' || loggedInUser == 'sys_id_of_CCC'
08-10-2025 06:59 AM - edited 08-10-2025 07:03 AM
Hey @GlideFather, thank you for the reply!
Yes, I do have the location and country values populated. It's working for change_request. I need this for the Problem table. Here is the code for Problem, FYI:
// Get the logged-in user's country
var loggedInUserCountry = gs.getUser().getCountry();
// List of restricted countries
var restrictedCountries = ['BBB', 'CCC'];
// Default allow
answer = true;
// Only apply restriction if user is from restrictedCountries
if (restrictedCountries.indexOf(loggedInUserCountry) > -1) {
    var blockAccess = false;
    var frbt = current.first_reported_by_task; // Reference field
    if (frbt) {
        // Check if it’s an Incident record
        if (frbt.getTableName() == 'incident') {
            var incidentGR = new GlideRecord('incident');
            if (incidentGR.get(frbt.toString())) {
                if (incidentGR.caller_id.country == 'AAA') {
                    blockAccess = true;
                }
            }
        }
    } else {
        // No first_reported_by_task → check opened_by country
        if (current.opened_by.country == 'AAA') {
            blockAccess = true;
        }
    }
    if (blockAccess) {
        answer = false;
    }
}
2. I need to build the same ACL for "Problem" but the requirement states:
For Problem records, the restriction is based on two checks:
(i) If the "first_reported_by_task" field is populated and refers to an Incident record, check the caller_id.country of that Incident.
(ii) If the "first_reported_by_task" is not populated, check the opened_by.country on the Problem record.
If either country value is "AAA", users from countries "BBB" or "CCC" should not be able to view the record.
This is the code I have used for my scenario; still the CCC users can view the AAA records! Please let me know what debugging/correction I should do in my code!
08-10-2025 08:01 AM
Hi
Your script condition will look like this....
(function() {
    answer = true;
    var countryUsr = "";
    if (!gs.nil(current.first_reported_by_task)){
        if (current.related_incidents > 0) {
            var gr = new GlideRecord('incident')
            gr.addQuery('problem', current.sys_id)
            if (gr.next()) {
                gr.caller_id //now you got the caller ID
                var g = new GlideRecord('cmn_location')
                if (g.get(gr.location))
                    countryUsr = g.country
            }
        }
        else
            countryUsr = current.opened_by.country //This is for if "first_reported_by_task" field is populated but no incident record then use the opened by
    }
    else {
        countryUsr = current.opened_by.country
    }
    //We now have the country code, just check the conditions
    if (countrUsr == "AAA" || countrUsr == "BBB" || countrUsr == "CCC")
        answer = false
})();
Thanks,
Bhimashankar H
08-10-2025 08:43 AM
Hi @Bhimashankar H,
Thank you so much for your input!
The requirement is that "CCC" and "BBB" country users shouldn't be able to see the "AAA" country Problem records. "CCC" and "BBB" users can view all other Problem records except "AAA", and that too based on the condition which I have mentioned below.
I tried using the above code in the ACL; still "CCC" users can see records of "AAA" users. This is the requirement in detail:
2. I need to build the same ACL for "Problem" but the requirement states:
For Problem records, the restriction is based on two checks:
(i) If the "first_reported_by_task" field is populated and refers to an Incident record, check the caller_id.country of that Incident.
(ii) If the "first_reported_by_task" is not populated, check the opened_by.country on the Problem record.
If either country value is "AAA", users from countries "BBB" or "CCC" should not be able to view the record.
This is the code I have used for my scenario; still the CCC users can view the AAA records! Please let me know what debugging/correction I should do in my code!