ACL to restrict records

Shalini Priya1
Tera Contributor

Hi,

Can anyone help me with the issue below:

1. I have a checkbox on the incident form.

2. If the checkbox is true and Assigned To / Watch List contains the current logged-in user, then the user should have access to the form;

otherwise no other user should have access to the form from List Layout or Global Search. How can I do it from an ACL?

Note: If the Assigned To / Watch List user is not the current logged-in user, then he shouldn't have access to the record, and shouldn't be able to open it from List view or global search either.

I created a Read ACL:

Name: Incident*

Operation: Read

Type: Record

Advanced: True

Condition: If checkbox is true

Script:

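    answer = (function () {
        var userId = gs.getUserID();
        // getValue() returns null for an empty field, so fall back to "" before calling indexOf()
        var watchList = current.getValue("watch_list") || "";
        // Grant read access only to the assignee or a user on the watch list
        if (current.getValue("assigned_to") == userId || watchList.indexOf(userId) != -1) {
            return true;
        }
        return false;
    })();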

Still I can see the records even if I'm not the logged-in user, as in the screenshot below:

So I impersonated the Assigned To user. There are more than 29 incidents, of which 3 incidents are assigned to ITIL User. Thus, I expected only 3 records to be displayed, but instead there are 29. Incidents assigned to ITIL User display as normal, but all the other records on the table are completely blank. Here is the screenshot:


The blank records which are not assigned to ITIL User I can still open, as below:


Thanks,

Shalini

5 REPLIES

shruti_tyagi
ServiceNow Employee

Have you checked whether there are any other ACLs that are impacting it? Maybe those users are passing some other ACLs.



Shruti


There are only 4 ACLs (READ, WRITE, CREATE & DELETE) on my target table.


Shalini Priya1
Tera Contributor

How to avoid a conflict between the Write ACL (table level) and the Write ACL (field level)? The table-level ACL, which has roles, is executing first rather than the field-level ACL, which has a condition and script.


1. I guess your ACL is working fine; look, there are only 3 rows visible and all the rest are showing blank.

What you need to do is just make this ACL table level: Incident.NONE

2. In order to pass for the user, both table-level and field-level ACLs should pass, and if there are roles, a condition and a script, all of these should pass. If any one of them fails, the ACL will fail for the user. I hope this makes sense.

So if you have both table-level and field-level ACLs, both should have conditions or a script or a role that gives access to the user. Remember, if you have all of them in your ACL, all should be written in a way that gives access to the user.



Thanks


Shruti


If the reply was informational, please like, mark as helpful or mark as correct!
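
The behaviour discussed in this thread, as an added example that is not code from either poster and not ServiceNow's own engine: a plain JavaScript model in which a table-level rule decides whether a row appears at all and a field-level rule decides whether its values are shown, with role, condition and script all required to pass. The user id, the role name, the `restricted` checkbox field and the incident data are constructed assumptions.

```javascript
// Simplified model of the ACL evaluation described in this thread; not ServiceNow code.
// Constructed sample data: the user id, role name and "restricted" checkbox field are assumptions.
const user = { id: "u-itil", roles: ["itil"] };
const incidents = [
  { number: "INC001", restricted: true, assigned_to: "u-itil", watch_list: null },
  { number: "INC002", restricted: true, assigned_to: "u-other", watch_list: "u-abc,u-itil" },
  { number: "INC003", restricted: true, assigned_to: "u-other", watch_list: null },
];

// Same test as the script in the question; an empty watch list is treated as "".
function isAssigneeOrWatcher(rec, uid) {
  return rec.assigned_to === uid || (rec.watch_list || "").split(",").includes(uid);
}

// One ACL passes only if its role, condition and script checks all pass.
function aclPasses(acl, rec, usr) {
  const roleOk = !acl.role || usr.roles.includes(acl.role);
  const conditionOk = !acl.condition || acl.condition(rec);
  const scriptOk = !acl.script || acl.script(rec, usr.id);
  return roleOk && conditionOk && scriptOk;
}

// Table-level failure removes the row; field-level failure leaves a blank row.
function rowState(rec, usr, tableAcl, fieldAcl) {
  if (!aclPasses(tableAcl, rec, usr)) return "hidden";
  if (!aclPasses(fieldAcl, rec, usr)) return "blank";
  return "visible";
}

const restriction = { condition: (r) => r.restricted, script: isAssigneeOrWatcher };
// As posted: the restriction sits on the field-level rule (incident.*).
const asPosted = { table: { role: "itil" }, field: restriction };
// As suggested in the reply: the restriction sits on the table-level rule.
const asSuggested = { table: { role: "itil", ...restriction }, field: {} };

function listView(config) {
  return incidents.map((r) => `${r.number}:${rowState(r, user, config.table, config.field)}`);
}

console.log(listView(asPosted).join(" "));
console.log(listView(asSuggested).join(" "));
```

With the restriction on the field-level rule, the unrelated incident still appears as a blank row that can be opened; moving it to the table-level rule removes the row from the list.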