ACL is blocking a reference field from showing all options

stephaniet · ‎11-09-2017

I have created a form that requires people with access to this form to be able to see every sys_user record, locked out (inactive) or not, in a field. I found an ACL that limits the sys_user.locked_out record access to users with the admin or user_admin role. I tried modifying this rule to use the following script:

if(gs.getUser().hasRole('admin') || gs.getUser().hasRole('user_admin') || gs.getUser().isMemberOf('Human Resources')){
gs.log('Returned true');
answer = true;
}else{
gs.log('Returned false');
answer = false;
}

I see "Returned true" is logged in the script logs, but the reference field still does not show all the locked out users. Am I missing something? Is there another OOB ACL that could cause this?

chaselong · ‎11-13-2017

Are you sure it's the ACL and not the before query "user query" business rule?

View solution in original post

Dave Smith1 · ‎11-09-2017

I'd question why it needs to be scripted when you could just as easily give the Human Resources group a role then add the three roles to the permitted list.

Have you tried the ACL debugger to see what's going on?

stephaniet · ‎11-13-2017

I tried what you suggested but the user is still unable to see any inactive people. I gave him access to the Users module to see what that list pulls up and it has about 10000 less records than I can see, and they are all the inactive users. I've added the 'hr' role to both the main sys_user rule and the sys_user.locked_out rule

chaselong · ‎11-13-2017

Are you sure it's the ACL and not the before query "user query" business rule?

stephaniet · ‎11-13-2017

I thought the same thing after I replied on here. After updating that script and clearing my cache, it seems to be working now! Thanks!