ACL question on reference table access

Valqe
Tera Expert

I have a one-to-many relationship between Table A (one) and Table B (many).

Table A has a field named ‘IT Member’ (ref to sys_user_group).

I want to be able to limit access (read) on Table B only if the logged-on user is a member of the ‘IT Member’ group (listed/recorded in Table A).

I managed to do this in ACL by using the following read ACL, but this only works if I open the child form (Table B) along with the parent record from Table A. I want to be able to access Table B records directly (not through Table A - parent).
This works only when I have both Table A content listed in the main form along with the related list (Table B).

However when I try to access Table B records directly in Table B form then no access is allowed:

if (gs.getUser().isMemberOf(parent.u_it_member)) {
    answer = true;
}

Any advice how to add new script in ACL to let Table B content show when Table B form is opened directly?

Thanks

 

 


Ankur Bawiskar
Tera Patron

Hi Valqe,

Why not use a query business rule instead of an ACL to restrict the number of records?

Mark Correct if this solves your issue and also hit Like and Helpful if you find my response worthy based on the impact.
Thanks
Ankur

Regards,
Ankur
Certified Technical Architect  ||  9x ServiceNow MVP  ||  ServiceNow Community Leader

Thanks Bawiskar,

I've always used ACLs - I never used business rules to restrict the number of records. Can you please share a mock-up of a business rule for this purpose?

Thanks much.

Valqe

Hi Valqe,

Any update on this?
Can you mark my answer as correct, helpful and hit like if you were able to achieve the requirement? This helps in removing this question from the unanswered list and helps users to learn from your thread. Thanks in advance.

Regards
Ankur

Regards,
Ankur
Certified Technical Architect  ||  9x ServiceNow MVP  ||  ServiceNow Community Leader
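
A sketch of the query business rule suggested above, added here as an example and not posted by anyone in the thread. It assumes global scope, a hypothetical field name u_parent for Table B's reference to Table A, and that admins bypass the filter; fakeGs and fakeCurrent are constructed stand-ins so the logic can run outside an instance.

```javascript
// Added example: logic for a "before query" business rule on Table B.
// ASSUMPTIONS: u_parent is a hypothetical name for Table B's reference to Table A;
// u_it_member is the group field from the question; admins bypass the filter.
function restrictTableB(current, gs) {
    if (gs.hasRole('admin')) return 'unfiltered';
    // getMyGroups() returns a Java collection of group sys_ids; copy it to a JS array.
    var ids = [];
    var it = gs.getUser().getMyGroups().iterator();
    while (it.hasNext()) ids.push(String(it.next()));
    if (ids.length === 0) {
        // No groups: never hand the query an empty list. sys_id is never
        // empty, so this condition matches no rows (fail closed).
        current.addNullQuery('sys_id');
        return 'none';
    }
    // Dot-walk from Table B to the parent's group and keep matching rows only.
    current.addQuery('u_parent.u_it_member', 'IN', ids.join(','));
    return 'filtered';
}

// In the rule itself (Table B, When: before, Query: checked) the call would be:
//   (function executeRule(current, previous) { restrictTableB(current, gs); })(current, previous);

// Constructed stand-ins for gs and current, for running the logic offline.
function fakeGs(roles, groupIds) {
    return {
        hasRole: function (r) { return roles.indexOf(r) !== -1; },
        getUser: function () {
            return { getMyGroups: function () {
                var i = 0;
                return { iterator: function () {
                    return { hasNext: function () { return i < groupIds.length; },
                             next: function () { return groupIds[i++]; } };
                } };
            } };
        }
    };
}
function fakeCurrent() {
    var q = [];
    return { queries: q,
             addQuery: function (f, op, v) { q.push([f, op, v].join(' ')); },
             addNullQuery: function (f) { q.push(f + ' ISEMPTY'); } };
}
```

A query rule only narrows what queries on Table B return, so a read ACL on Table B still belongs alongside it as the access check.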

Chris Sanford1
Kilo Guru

You can't do this with an ACL. They're designed to control security at the table level and they run on the server, which means they are independent of what page a user's browser is on. You would need to write a client script onChange of the group field to hide the information icon through DOM manipulation, and the client script would have to make an AJAX call to determine group membership since that information is only available on the server.

But why would you want to do this? To me it seems like it would be nothing but an annoying 'security by obscurity' feature if they can't see the record from the form but they can still manually go to the table and look it up.

Edit:

I was assuming your table A referenced table B through a reference field. Is it a reference or a related list? If the latter you could do it more easily by scripting the filter to check the group on the server side. But again I don't know why you'd want to do this.