
‎05-07-2017 11:58 PM
Hello,
I am looking to add ACLs that would grant an approver READ access to an HR case on sn_hr_core_case.
Use Case:
User submits a record producer that creates an HR case on the sn_hr_core_case table.
A workflow creates an approval record for the user's manager.
The manager needs to be able to open the approval and then view the details of the HR case (As well as the Variables from the record producer)
The manager will not have any HR roles.
The HR app version is Istanbul Scoped.
Thanks in advance for your assistance.
‎06-30-2017 10:41 AM
To grant access to the case, you would use a READ ACL that has a script that checks if the user has any approvals related to the current HR case.

//Get the user's sys_id
var userId = gs.getUserID();
//Query the approvals table to see if the user has any approvals that are tied to this HR case
var getApprovals = new GlideRecord("sysapproval_approver");
getApprovals.addQuery("approver", userId);
getApprovals.addQuery("document_id", current.sys_id);
getApprovals.query();
if (getApprovals.next()) {
    //If an approval is found then grant access to the case
    answer = true;
}

This grants access to the case, but there is also an onQuery business rule that needs to be updated.
On the table, there is a Restrict Query business rule. I suggest copying that BR and disabling the OOB version.
Then modify the copy with code similar to the following. The code below is also checking to see if there are any records that the user is assigned as an approval for, and it adds the sys_id of those records to the query.

//Get the user's sys_id
var userId = gs.getUserID();
//Create an array to hold a list of HR cases
var arrCases = [];
//Create a string to dump the array into to use in the query
var caseArray;
//Query the approvals table for every approval assigned to the user (the query is not limited to HR cases)
var getApprovals = new GlideRecord("sysapproval_approver");
getApprovals.addQuery("approver", userId);
getApprovals.query();
while (getApprovals.next()) {
    //For each approval found, add the sys_id of the associated record to the array
    arrCases.push(getApprovals.document_id + '');
}
//Join the array into comma separated values and store as a string
caseArray = arrCases.join(',');
//gs.info(caseArray);
//Modify the current query
//The first 4 lines below are OOB
//The sys_id addition is searching for any cases where the user has an associated approval record
current.addQuery("opened_by", userId)
    .addOrCondition("opened_for", userId)
    .addOrCondition("parent.ref_sn_hr_core_case.opened_for", userId)
    .addOrCondition("watch_list", "CONTAINS", userId)
    .addOrCondition("sys_id", "IN", caseArray);

Between these 2 changes, the approver user was able to see the HR Case that they needed to approve.
If they need to edit the case, create a write ACL with the same rules.
NOTE: I have attached the code to this response as it isn't formatting correctly in the response.
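
Why both changes are needed, as an added plain-JavaScript model (not ServiceNow code and not part of the original reply): a case is visible only when it passes both the before-query rule and a read ACL. The records, the helper names and the `pendingOnly` option are assumptions made for this illustration; the scripts in the reply do not filter on approval state, and the `parent` condition is left out of the model.

```javascript
// Added illustration: an in-memory model, not ServiceNow code.
// All records below are constructed sample data.
const approvals = [
  { approver: "mgr1", document_id: "case1", state: "requested" },
  { approver: "mgr2", document_id: "case2", state: "approved" },
];
const cases = [
  { sys_id: "case1", opened_by: "emp1", opened_for: "emp1", watch_list: [] },
  { sys_id: "case2", opened_by: "emp2", opened_for: "emp2", watch_list: ["emp3"] },
];

// Case sys_ids the user is an approver for (the lookup both scripts perform).
// pendingOnly is an assumed tightening that the reply's scripts do not apply.
function approverCaseIds(userId, pendingOnly = false) {
  return approvals
    .filter(a => a.approver === userId)
    .filter(a => !pendingOnly || a.state === "requested")
    .map(a => a.document_id);
}

// Stand-in for the conditions that already pass today (assumption).
function isRequesterSide(userId, c) {
  return c.opened_by === userId || c.opened_for === userId ||
    c.watch_list.includes(userId);
}

// Layer 1: the before-query rule decides which rows are returned at all.
function passesQueryRule(userId, c, approverIds) {
  return isRequesterSide(userId, c) || approverIds.includes(c.sys_id);
}

// Layer 2: a read ACL decides whether a returned row may be opened.
function passesReadAcl(userId, c, approverIds) {
  return isRequesterSide(userId, c) || approverIds.includes(c.sys_id);
}

// A case is visible only if it passes both layers.
function visibleCases(userId, { ruleUpdated, aclAdded, pendingOnly = false }) {
  const ids = approverCaseIds(userId, pendingOnly);
  return cases
    .filter(c => passesQueryRule(userId, c, ruleUpdated ? ids : []))
    .filter(c => passesReadAcl(userId, c, aclAdded ? ids : []))
    .map(c => c.sys_id);
}
```

With only one of the two changes applied the manager still sees nothing; with both applied, an approver whose approval is already complete keeps read access unless the lookup is narrowed to pending approvals.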
‎05-08-2017 12:04 AM
Hi John,
Is HR case any field value?
Create ACL: Read, and check in condition for HR case.
And in script mention:
answer=true;
Hope this will help for you.
Regards,
Parvinder
‎06-30-2017 10:12 AM
Any answer on this? Our security restricts anyone without an hr_specialist role or the requestor (opened_for) that created the case from accessing it, which is preventing the approvals from recording on the HR_Case records. I need to know how to grant just the approver access to approve the case so the workflow will continue. Technically they do not even need the access to view the case because the email has all of the information, but I need the approval to record properly on the case so the remaining workflows continue.
