ACL write based on condition

evanwong
Kilo Explorer

Hi All,

I have a question about how I could restrict an ACL based on requirements.

For example, I have 2 incidents, INC00001 and INC00002, and both of them are linked (**related, not a parent-child incident).

If I directly access an incident from the list layout, then I should be able to write the incident in the ACL; otherwise, I should not be able to write.

For example, if I access INC00001 from the list layout, then I am able to write the incident, and I am also able to see INC00002 in my embedded related list. When I click on INC00002 from the embedded related list, I successfully access the INC00002 incident form, and I should not be able to write the incident because I was redirected from the embedded list. In other words, if I access INC00002 from the list layout, then I should also be able to write the incident INC00002, and INC00001 is in my embedded list; when I click on INC00001 from the embedded list, INC00001 should not allow me to write.

Any solution for this?

I appreciate your solutions.

Thanks in advance.

2 REPLIES

bernyalvarado
Mega Sage

Hi Evan,



Often what's needed is the other way around from what you're asking. In other words, users are forced to edit a record within a form.



For that we have the list_edit ACL. Please check section 4 of http://wiki.servicenow.com/index.php?title=Administering_the_List_Editor#gsc.tab=0



Now... returning to your requirement, why would you like to edit things under a list and not under a form? Are you aware that you will have some limited functionality with regard to the client scripts that will be executed at the list level?



Thanks,


Berny


Sakshi14
Giga Expert

Hey Evan,



This is definitely not a straightforward thing to do, because what you essentially want is that every incident should be editable ONLY if it is opened directly from the list layout; if it is opened from the embedded/related list, it should not be editable. So we'll need to manipulate the URL of the incident to identify how this has been opened.


In the incident URL, there is a parameter, 'sysparm_record_list', which indicates the filter of the list from which it is opened.



For example, on opening it directly from Incidents > Open:


URL - incident.do?sys_id=965c9e5347c12200e0ef563dbb9a7156&sysparm_record_target=incident&sysparm_record_row=1&sysparm_record_rows=30&sysparm_record_list=active%3Dtrue%5EORDERBYDESCnumber



And on opening from the incident related list:


URL - incident.do?sys_id=85071a1347c12200e0ef563dbb9a71c1&sysparm_record_target=incident&sysparm_record_row=1&sysparm_record_rows=1&sysparm_record_list=parent%3D965c9e5347c12200e0ef563dbb9a7156%5EORDERBYDESCnumber



If you look closely, in the second case, sysparm_record_list contains 'parent'. Using this value in a client script, you can make all the fields read-only. I would not suggest creating an ACL for this, since this value will be received only on form load, and an ACL can pick up values saved in the database (unless you store this value in a session variable and pass this on to the ACL, which is an unnecessary complication, and not advisable).



So the best bet would be to make an onLoad client script in which you check the value of the parameter 'sysparm_record_list' and if it contains 'parent' (or the relevant keyword in your case), make all the fields on the form read-only.



This post would help you make all fields read-only in one shot -


Re: Make all form fields read-only



Hope this helps!
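
The check described in the reply above, as an added example that is not part of the original thread: it splits sysparm_record_list into encoded-query terms and matches the field name exactly instead of testing for the substring 'parent'. The function names and the placeholder host are assumptions; because the parameter comes from the URL, the result only changes how the form is displayed and does not replace a server-side write ACL.

```javascript
// Added example, not code from the thread. Function names are hypothetical.

// The two URLs quoted in the reply above.
const FROM_LIST =
  'incident.do?sys_id=965c9e5347c12200e0ef563dbb9a7156&sysparm_record_target=incident&sysparm_record_row=1&sysparm_record_rows=30&sysparm_record_list=active%3Dtrue%5EORDERBYDESCnumber';
const FROM_RELATED =
  'incident.do?sys_id=85071a1347c12200e0ef563dbb9a71c1&sysparm_record_target=incident&sysparm_record_row=1&sysparm_record_rows=1&sysparm_record_list=parent%3D965c9e5347c12200e0ef563dbb9a7156%5EORDERBYDESCnumber';

// Return the decoded terms of sysparm_record_list,
// e.g. ['parent=965c...', 'ORDERBYDESCnumber'].
function recordListTerms(url) {
  // A base is needed only because the quoted URLs are relative;
  // the host is a placeholder and is never contacted.
  const params = new URL(url, 'https://instance.invalid/').searchParams;
  const list = params.get('sysparm_record_list'); // already percent-decoded
  return list ? list.split('^').filter(Boolean) : [];
}

// True when one term filters on `field` with '=', as the related list does.
// A plain substring test would also match e.g. 'short_descriptionLIKEparent'.
function openedFromRelatedList(url, field = 'parent') {
  return recordListTerms(url).some((term) => term.startsWith(field + '='));
}

// Make every editable field read-only when the form came from the related
// list. `form` needs getEditableFields() and setReadOnly(), as g_form has.
// Returns the names of the fields that were locked.
function lockIfFromRelatedList(form, url, field = 'parent') {
  if (!openedFromRelatedList(url, field)) return [];
  const locked = form.getEditableFields();
  locked.forEach((name) => form.setReadOnly(name, true));
  return locked;
}

// In an onLoad client script (assumes the script can read the page URL):
// function onLoad() { lockIfFromRelatedList(g_form, window.location.href); }
```

For a relationship other than parent, pass the field that the related list filters on as the `field` argument.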