Allow a user to view their departments requests in the service portal

BriTaylor
Kilo Sage

Hi,

 

I have a requirement to allow end users the ability to view their departments incidents and requests on the Service Portal. These users have no roles in the system.

 

I was able to figure out the incidents side of this requirement, however I am unable to figure out the requests.

 

I have created a custom ACL on the sc_request table that looks at the Request's requested for's department information and compares it to the logged in user's information. 

 

I have the same ACL on the sc_req_item table for the requested items.

 

I am able to see the appropriate requests in the list.

BriTaylor_0-1702578711083.png

 

However, when clicking on one of the requests for a member of my department I get a "Request not found" error.

BriTaylor_1-1702578755857.png

 

If I navigate to the request on the platform side, I am able to see the request.

BriTaylor_2-1702578856692.png

 

 

I am at a loss for what is causing this. Any help would be appreciated.

1 ACCEPTED SOLUTION

Doing some more digging I was able to find I needed to create a 2nd ACL for sc_request.*". After creating that ACL everything worked as I would expect.

View solution in original post

6 REPLIES 6

I had to modify the "incident query" business rule. My requirements called for the user's department and their manager the ability to view their incidents, so I added the following code.

 

var user = gs.getUser();
var department = user.getDepartmentID();
var gr = new GlideRecord('incident');
var departmentAllowed;
var managerAllowed;
gr.get(current);

//Check to see if the logged in user has the same department as the caller.
if (gr.caller_id.department == department) {
    departmentAllowed = true;
} else {
    departmentAllowed = false;
}

//Check to see if the Caller's manager is the logged in user.
if (gr.caller_id.manager == gs.getUserID()) {
    managerAllowed = true;
} else {
    managerAllowed = false;
}

 

I then modified the if statement to read as the following.

 

if (!gs.hasRole("itil") && !gs.hasRole("sn_incident_read") && gs.isInteractive() && (departmentAllowed || managerAllowed))

 

This was in addition to creating 2 ACL rules for "incident" and "incident.*" Those ACLs looked at a script and that is also below.

 

ourUser = gs.getUser();
department = ourUser.getDepartmentID();

if (current.caller_id.department == department || current.caller_id.manager == gs.getUserID()){
      answer = true;
}

 

Community Alums
Not applicable

Hi Bri, for me using your solution is not working. Did you also change the widget?