Can you restrict showing a module/application menu by group instead of role

ankit_gupta1 · ‎04-02-2017

How to hide application menu and module based on group.

I tried business rule

Table: Application Menu [sys_app_application] or Module[sys_app_module]

When: before

Query = true

if(gs.getUser().isMemberOf('Group A') )

{

current.addQuery('sys_id','!=','5212632ced4f5500b14f689a971ad873');//sys_id of the application

}

but not working for me.

ctomasi you can suggest me a better way.

nayanawadhiya1 · ‎04-03-2017

Hey Ankit,

Say Chuck said, give roles to that modules/menus.

Or you can give role to that group and hide on that basis -

if(gs.getUser().isMemberOf('Group_name') && gs.getUser().hasRole('group_role'))

{

var car= current.addQuery('title','!=','Self-Service');

}

View solution in original post

amlanpal · ‎04-02-2017

Hi Ankit,

Please write the script on Module table ('sys_app_module') as below. Also you may add the Condition as !gs.hasRole('admin') for better performance.

Script:

//To hide the particular Module.

if(!gs.getUser().isMemberOf('Group A'))

{

current.addQuery('sys_id','!=','85591e0f4fdde6006292a90f0310c730');//sys_id of the module

}

I hope this helps.Please mark correct/helpful based on impact

SSA1 · ‎05-30-2022

Thank you @amlanpal this worked for me. and make sure to clear cache anyone who try this. then it works.

Chuck Tomasi · ‎04-03-2017

The best practice is to grant access to modules/menus by role. This is much more efficient as roles are cached during the user's session - that's why you need to logout/login when given new roles. Using a script means you are imposing a load on the system where caching is not involved and could cause performance issues. What's more, later administrators may find your script difficult to find and/or maintain.

klaytonz · ‎02-01-2019

Yes, per SN recommendation we will use a cost-added role for a user that only needs read access. That sounds efficient. SN clearly does not understand the use-case in these scenarios.