ACL Script doesn't get triggered for admins

nmall · ‎03-06-2024

Hello,

I'm trying to restrict the visibility of some attachments for admin users. To do so I've localized the OOB sys_attachment read ACL and updated it to return false if connected user is admin.

But even with "Admin overrides" unchecked, the script doesn't get triggered. The logs that I've inserted in the script only get triggered when I'm impersonating other users, the script itself doesn't seem to be triggered when I'm verifying the ACL with my account.

Does anyone know if it's the normal behaviour ?

Many thanks.

vaibhav_1803 · ‎03-06-2024

if you check admin overrides check box it allows admin users to bypass ACLs for certain operations. but you can achieve your requirement through a simple business rule.

(function executeRule(current, previous /*null when async*/) {

var currentUser = gs.getUser();

if (currentUser.hasRole('admin')) {
current.setValue('visible', false);
}
})(current, previous);