ACL to allow a delegate of an approver see the attachment

Go to solution
matt_a
Kilo Guru

‎05-08-2019 07:46 AM

Can someone assist in an ACL that will allow a delegate of an approver the ability to read the attachments on the tickets?

I can see the existing ACL for the approver:

answer = getAttachmentApproverRead();

function getAttachmentApproverRead() {
    
    var user = gs.getUserID();
    var gr = new GlideRecord('sysapproval_approver');
        gr.addQuery('document_id',current.table_sys_id);
        gr.addQuery('approver', user);
        gr.query();

        if (gr.next()) {
            return true;
        }
    

}

Please could someone assist me in changing this script to allow delegates access as well?

Many thanks in advance

Labels:
0 Helpfuls
  • 2,043 Views
1 ACCEPTED SOLUTION

Go to solution
matt_a
Kilo Guru
In response to Ankur Bawiskar

‎05-09-2019 09:11 AM

Hi Ankur,

I managed to figure it out but needed to restructure your script to read:

answer = getAttachmentApproverRead();

function getAttachmentApproverRead() {
    var user = gs.getUserID();
    var gr = new GlideRecord('sysapproval_approver');
        gr.addQuery('document_id',current.table_sys_id);
        gr.addQuery('approver', user);
        gr.query();
        if (gr.next()) 
        {
            return true;
        }
		else
		{
			var gr_approver = new GlideRecord('sysapproval_approver');
			gr_approver.addQuery('document_id',current.table_sys_id);
			gr_approver.query();
			if (gr_approver.next()) 
			{
				var userDelegate = new GlideRecord('sys_user_delegate');
				userDelegate.addQuery('user', gr_approver.approver);
				userDelegate.addQuery('delegate' ,user);
				userDelegate.query();
				if(userDelegate.next())
				{
						return true;
				}
			}
        }			
}

View solution in original post

0 Helpfuls
8 REPLIES 8

Go to solution
Ankur Bawiskar
Tera Patron
Tera Patron

‎05-08-2019 07:55 AM

Hi,

Update it as below and check once:

it checks whether current logged in user is delegate of the approver;

answer = getAttachmentApproverRead();

function getAttachmentApproverRead() {

var user = gs.getUserID();
var isUserDelegate = false;
var userDelegate = new GlideRecord('sys_user_delegate');
userDelegate.addQuery('user', current.approver);
userDelegate.addQuery('delegate' ,user);
userDelegate.query();
if(userDelegate.next()){
isUserDelegate = true;
}


var gr = new GlideRecord('sysapproval_approver');
gr.addQuery('document_id',current.table_sys_id);
gr.addQuery('approver', user);
gr.query();
var rowCount = gr.getRowCount():
if (rowCount == 1 || isUserDelegate) {
return true;
}
return false;

}

Mark Correct if this solves your issue and also mark Helpful if you find my response worthy based on the impact.
Thanks
Ankur

Regards,
Ankur
✨ Certified Technical Architect  ||  ✨ 9x ServiceNow MVP  ||  ✨ ServiceNow Community Leader
0 Helpfuls

Go to solution
matt_a
Kilo Guru
In response to Ankur Bawiskar

‎05-08-2019 08:24 AM

Thanks for the response.

Unfortunately, this still doesn't allow the delegate to access. Could it be the  userDelegate.addQuery('user', current.approver);?

0 Helpfuls

Go to solution
Ankur Bawiskar
Tera Patron
Tera Patron
In response to matt_a

‎05-08-2019 08:46 AM

Hi Matt,

This ACL I believe is on sys_attachment table right? so modify code as below:

var user = gs.getUserID();

var gr = new GlideRecord('sysapproval_approver');

gr.addQuery('document_id',current.table_sys_id);

gr.addQuery('approver', user);

gr.query();

if (gr.next())

{

var userDelegate = new GlideRecord('sys_user_delegate');
userDelegate.addQuery('user', gr.approver);
userDelegate.addQuery('delegate' ,user);
userDelegate.query();
if(userDelegate.next()){
return true;
}

return true;

}

Regards

Ankur

Regards,
Ankur
✨ Certified Technical Architect  ||  ✨ 9x ServiceNow MVP  ||  ✨ ServiceNow Community Leader
0 Helpfuls

Go to solution
matt_a
Kilo Guru
In response to Ankur Bawiskar

‎05-08-2019 09:19 AM

Yes, its on the sys_attachment table. But changing the script to this hasnt had any affect and delegate still prevented from accessing the attachment.

This is what I have:

answer = getAttachmentApproverRead();

function getAttachmentApproverRead() {

    var user = gs.getUserID();
    var gr = new GlideRecord('sysapproval_approver');
        gr.addQuery('document_id',current.table_sys_id);
        gr.addQuery('approver', user);
        gr.query();

        if (gr.next()) {

{
var userDelegate = new GlideRecord('sys_user_delegate');
	userDelegate.addQuery('user', gr.approver);
	userDelegate.addQuery('delegate' ,user);
	userDelegate.query();
if(userDelegate.next()){

	return true;
}
return true;
	}
}
}
0 Helpfuls