ACLs: Allow Users to Add New Records, But Not Edit Specific Field

jmiskey
Kilo Sage

We have a custom table in a scoped application.  And for simplicity's sake, let's say we have two groups that are important to this question: those with an "admin" role, and those with a "telecom" role.

On my custom table, we have a field named "site".  I need to create an ACL on this field such that users with the Telecom role are able to add new records to the table (and can set EVERY field in the table).  However, on existing records, I want to limit it so that only those with an "admin" role can edit the "site" field (so users with the Telecom role CANNOT edit the "site" field on existing records).

Can anyone tell me how I need to construct my ACL(s) to do this?

Thanks

1 ACCEPTED SOLUTION

jmiskey
Kilo Sage

OK, I figured it out.  I had to add a new write ACL on the field in the table, add "Telecom" to the role, and add this to the Script section:

//allow edit ability on this field when creating new records only
answer = false; 
if(current.isNewRecord()){
	answer = true;
}

I knew it had to be something fairly simple, just took a while to figure it out.
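
The three ACL setups from this thread, modelled as an added example that is not part of the original posts and is not ServiceNow platform code. It assumes a simplified evaluation (role and script must both pass, ACLs on the same field are alternatives, table and field rules must both pass, "Admin overrides" is on, the field write ACL is also checked on new records as the thread observed, and the admin-only field ACL is kept alongside the new one); the table name and helper names are hypothetical, and wildcard and inherited ACLs are left out.

```javascript
// Simplified model of ACL evaluation for one field (not ServiceNow platform code).
// An ACL passes only if its role check AND its script both pass.
function aclPasses(acl, user, current) {
  if (acl.adminOverrides !== false && user.roles.includes('admin')) return true; // "Admin overrides"
  const roleOk = acl.roles.some((r) => user.roles.includes(r));
  const scriptOk = acl.script ? acl.script(current) === true : true;
  return roleOk && scriptOk;
}

// ACLs with the same name are alternatives; table and field rules must both pass.
function canWriteField(acls, table, field, user, current) {
  const named = (name) => acls.filter((a) => a.operation === 'write' && a.name === name);
  const anyPass = (list) => list.some((a) => aclPasses(a, user, current));
  if (!anyPass(named(table))) return false;       // table-level rule
  const fieldAcls = named(`${table}.${field}`);   // field-level rules, if any
  return fieldAcls.length === 0 || anyPass(fieldAcls);
}

// The accepted answer's script, wrapped so the model can read `answer`.
const newRecordOnly = (current) => {
  let answer = false;
  if (current.isNewRecord()) answer = true;
  return answer;
};

const TABLE = 'x_demo_telecom_line'; // hypothetical table name
const tableWrite = { name: TABLE, operation: 'write', roles: ['telecom'] };
const siteAdmin = { name: `${TABLE}.site`, operation: 'write', roles: ['admin'] };
const siteTelecomNew = { name: `${TABLE}.site`, operation: 'write', roles: ['telecom'], script: newRecordOnly };

// Constructed configurations following the thread's three stages.
const configs = {
  tableOnly: [tableWrite],
  adminFieldAcl: [tableWrite, siteAdmin],
  acceptedFix: [tableWrite, siteAdmin, siteTelecomNew],
};
const users = { telecom: { roles: ['telecom'] }, admin: { roles: ['admin'] } };

function matrix(acls) {
  const out = {};
  for (const [who, user] of Object.entries(users)) {
    for (const isNew of [true, false]) {
      const current = { isNewRecord: () => isNew };
      out[`${who}/${isNew ? 'new' : 'existing'}`] = canWriteField(acls, TABLE, 'site', user, current);
    }
  }
  return out;
}
for (const [name, acls] of Object.entries(configs)) console.log(name, matrix(acls));
```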

 


9 REPLIES

SaiRaviKiran Ak
Giga Guru

Create a write ACL on the Site field and, in the role section, add the telecom role.

We already have that.  Perhaps I should list the current create/write ACLs we have on this table:

We have a WRITE ACL on the whole table, requiring the Telecom role.

We have a CREATE ACL on the whole table, requiring the Telecom role.

This allows them to add and update all fields.

 

So, I tried to add another ACL specific to the "Site" field, so I created a WRITE ACL on this field requiring the Admin role.  This successfully prevented users with the Telecom role from editing this "Site" field on current existing records.  However, it is also preventing them from populating the "Site" field when adding new records (which I want to allow them to do).

So what do I need to change to allow this?

 

In this case you can go for an OnLoad client script.

Check if the logged-in user has the telecom role and the site field is not empty, then make that field editable; else it should be read-only.

Also, in the ACL script, you can get the URL for a new record. If the sys id is not -1 and the user has the telecom role, then make that field editable.