Business Rule before query & ACL on Scoped Application
06-08-2023 08:40 PM - edited 06-08-2023 08:58 PM
Hi,
I am in need of some help with a before query business rule and ACL. I have a custom application that has a main (parent) ticket, and it then creates a task ticket when the state changes to a specific value.
This custom application is somewhat restrictive, in that I can't just create roles because the ticket that you work cannot be seen by everyone. I have set up a before query on the task ticket so that it will only show the records that the user can see and not display that "some records removed due to security" message.
On the task ticket is the assignment group and I need to set it so that the assignment group can view the main (parent) ticket.
I am having a very hard time with this. Here are my settings:
Business rule
Before
Query
Table: main (parent) table
Script:
(function executeRule(current, previous /*null when async*/ ) {
    if ((gs.hasRole('admin')) || (gs.hasRole('x_exf_it_admin')) || (gs.hasRole('x_exf_user'))) {
        return;
    } else {
        var gr = new GlideRecord('x_exf_it_task');
        gr.get('issu_number', current.sys_id);
        current.addEncodedQuery('gr.assignment_groupDYNAMICd6435e965f510100a9ad2572f2b47744^ORgr.assignment_group.managerDYNAMIC90d1921e5f510100a9ad2572f2b477fe');
    }
})(current, previous);
I am also unsure of how to go about doing the ACL for something like this.
Can anyone help me with this? This is very important.
Any help or direction would be appreciated.
06-08-2023 09:27 PM
Hi @Dazler,
You can create an ACL for this.
Type: Record
Operation: read
Advanced: true
Name: Your parent table with None
You can add roles as per your requirement.
Add the below script in the script section:
// Grant read access only to members of the named group
var user = gs.getUser().isMemberOf('Your group name');
if (user)
    answer = true;
else
    answer = false;
Please mark my answer helpful if it helps you!!
06-08-2023 09:34 PM
The groups are dynamic. We have so many groups that could be assigned, so I cannot add them statically. Also, the assignment group is on the task ticket and not the parent ticket. I need the group on the task ticket to have read access to the parent ticket.
I cannot just complete this using ACL because when we do that and use restrictions it adds the message at the bottom "Number of rows removed from this list by Security constraints". This can be a hindrance for users if there are hundreds of open records. This is why I need to include a business rule before query.
06-08-2023 09:44 PM - edited 06-08-2023 09:53 PM
Hi @Dazler,
You can write the below script for a dynamic assignment group.
I have a similar kind of requirement. I initially tried using a query BR, but it seems not to be possible using a query BR, so I did that using an ACL.
// ACL script on the parent table: allow read when the user belongs to the
// assignment group of a task that points at this parent record.
answer = false;
var gr = new GlideRecord("Task table");
//gr.addQuery("assigned_to", gs.getUserID());
gr.addQuery("parent", current.sys_id); // Change here your relationship field from task table with parent table
gr.query();
// Check every related task, not only the first one returned
while (gr.next()) {
    if (isMember(gr.getValue('assignment_group'))) {
        answer = true;
        break;
    }
}

// True when the current user has a membership row for the given group sys_id
function isMember(grp) {
    var member = new GlideRecord('sys_user_grmember');
    member.addQuery('user', gs.getUserID());
    member.addQuery('group', grp);
    member.query();
    return member.next();
}
Please mark my answer helpful if it helps you!!
06-08-2023 09:59 PM
I tried your script and it worked, but how did you remove the security message? This makes it difficult for the user to display just their parent tickets in the list. The before query is what helps it do that.
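Added example (not part of any post in this thread, and not ServiceNow's own code): a before-query rule for the parent table that narrows the list to parents with a task assigned to one of the user's groups, which are the rows the read ACL in the answer above would grant, so the ACL stays as the enforcement point and has nothing left to remove from the list. `visibleParentIds` and `restrictParentQuery` are hypothetical names, the `GR` parameter stands for `GlideRecord`, the table and field names are taken from the question's script, and the manager condition from that script is left out.

```javascript
// Added example for the parent table's before-query business rule.
// Assumed from the question: x_exf_it_task.issu_number references the parent,
// assignment_group references sys_user_group.

// Return sys_ids of parents that have a task assigned to one of the user's groups.
// GR is the GlideRecord constructor, passed in so the logic can be tested off-instance.
function visibleParentIds(userId, GR) {
    var groups = [];
    var member = new GR('sys_user_grmember');
    member.addQuery('user', userId);
    member.query();
    while (member.next()) {
        groups.push(member.getValue('group'));
    }
    if (groups.length === 0) {
        return [];
    }
    var parents = {}; // object keys de-duplicate parents with several tasks
    var task = new GR('x_exf_it_task');
    task.addQuery('assignment_group', 'IN', groups.join(','));
    task.query();
    while (task.next()) {
        var parentId = task.getValue('issu_number');
        if (parentId) {
            parents[parentId] = true;
        }
    }
    return Object.keys(parents);
}

// Narrow the pending query on the parent table (current) to those sys_ids.
function restrictParentQuery(current, userId, GR) {
    var ids = visibleParentIds(userId, GR);
    // An empty list must still match nothing, so filter on a value that is never a sys_id.
    current.addQuery('sys_id', 'IN', ids.length ? ids.join(',') : 'NO_MATCH');
}

// Business rule body, using the role bypass from the question:
// (function executeRule(current, previous) {
//     if (gs.hasRole('admin') || gs.hasRole('x_exf_it_admin') || gs.hasRole('x_exf_user')) {
//         return;
//     }
//     restrictParentQuery(current, gs.getUserID(), GlideRecord);
// })(current, previous);
```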