ACLs: Read-Only on Existing Records, but Can Add New Records

jmiskey
Kilo Sage

So I have a two-part question, mostly surrounding ACLs.  I have been messing around with them for a while, without much success in getting them to do what I want.

First, I created a table called "My Attachments".  It contains three main fields: u_catalog_item, u_group, and inactive.

The u_catalog_item field is a reference field to another table called "My Attachments Control Table".  This table has three similar fields as the other table.

So, I want users to be able to view their own "My Attachments" records.  This ACL is working as I want, using these conditions:

[Image: screenshot of the ACL conditions]

I only want them to be able to read these existing records of theirs, and not be able to edit or delete them.  But I want to allow them to add New records.  So my first question is how to set up ACLs to do that.

 

The second part revolves around adding the New records to this "My Attachments" table.  As I said, the u_catalog_item field is a reference field back to the "My Attachments Control Table".  I want to limit the items in the drop-down of this u_catalog_item field to only show records where the u_group field is one of their groups.  So we wrote a JavaScript function in a Script Includes that works like the "is dynamic One of My Groups" functionality, and use it in the Reference Qualifier of our reference field.  It was working at one point, but I think that all my messing with ACLs causes it to be "overruled", where it shows all the records, or none of the records (and actually hides the field from those users completely). 

I guess the trick is to allow them to see the appropriate values in the drop-down reference field, without actually giving them access to this "Control Table" at all (they don't need to see it, it is just used in the drop-down reference field for them).

I think I cannot see the forest for the trees.  Any tips/help would be appreciated!

1 ACCEPTED SOLUTION

jschlieszus
Kilo Guru

So looks like you have the first part working, to only view their own records.  For the second part you can use a write ACL and include in the script:

    // Deny by default.
    answer = false;

    // Allow the write only while the record has not been saved yet.
    if (current.isNewRecord()) {
        answer = true;
    }

This will allow creating records, but block once the record is no longer new.  You could even expand it to allow certain write access to existing records based on other items if you like.

 

As for seeing values in a reference field, they should only be able to see records they can read by default, nothing should need to be added to account for that in a reference field.  Let me know if I am missing something.

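The policy discussed in this thread (read your own records, create new ones, no edit or delete afterwards), as an added example that is not code from either poster or from ServiceNow. It is an offline model: `makeRecord` is a hypothetical stand-in for the platform's `current` object, the read rule (record's `u_group` is one of the user's groups) is an assumption because the conditions screenshot is not preserved, and the group ids are constructed.

```javascript
// Added example: offline model of the ACL scripts, NOT ServiceNow code.
// makeRecord() is a hypothetical stand-in for the platform's `current`.
function makeRecord(fields, isNew) {
  return {
    isNewRecord: () => isNew,
    getValue: (name) => (name in fields ? fields[name] : null),
  };
}

// Write ACL script from the accepted answer, wrapped so it can be tested.
function writeAcl(current) {
  let answer = false;            // deny by default
  if (current.isNewRecord()) {
    answer = true;               // only a not-yet-saved record is writable
  }
  return answer;
}

// Assumed read rule: the record's u_group is one of the user's groups.
function readAcl(current, userGroups) {
  const group = current.getValue('u_group');
  return group !== null && userGroups.includes(group);
}

// No delete rule grants access in this model, so delete is always denied.
function deleteAcl() {
  return false;
}

// Decision matrix for one user against one record.
function decide(current, userGroups) {
  return {
    read: readAcl(current, userGroups),
    write: writeAcl(current),
    delete: deleteAcl(),
  };
}

// Constructed sample data: group ids and records are made up.
const myGroups = ['grp_hr', 'grp_it'];
const saved = makeRecord({ u_group: 'grp_hr' }, false);      // own, already saved
const foreign = makeRecord({ u_group: 'grp_finance' }, false); // another group's
const draft = makeRecord({ u_group: 'grp_it' }, true);        // new, unsaved

for (const [name, rec] of [['saved', saved], ['foreign', foreign], ['draft', draft]]) {
  console.log(name, JSON.stringify(decide(rec, myGroups)));
}
```

The saved record comes out readable but not writable, the other group's record is not readable at all, and only the unsaved draft is writable.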

5 REPLIES

surajp
Mega Guru

Hi,

 

First part - Check if you have create and read ACLs only for "My Attachments" table. Create a write ACL and prevent users from editing.

Second part - As far as script include is concerned the ACLs do not affect script include results.

 

Regards,

Suraj