Configuration records - how to set visibility

pironbi · ‎07-14-2015

Hi All -

I am trying to create a business rule that will effectively only allow records to be visible with certain criteria to certain groups.
I am not able to find how to do this at the record level and was hoping someone might have an idea.
I can find how to hide lists, etc... but filtering the records is giving me trouble.

Appreciate any help anyone can provide!

Thanks

Bill

bernyalvarado · ‎07-27-2015

Hi Bill, indeed it makes sense. The only changes you need to do then are:

Change the prior ACL you created so that its name instead of...

Server [cmdb_ci_server] it then becomes Server [cmdb_ci_server].install_status

By doing this change you will then ONLY apply the ACL to the field install_status of the cmdb_ci_server table.

As for the onBefore onQuery business rule, please make it inactive or delete it since we would not longer need it since that one will restrict all the record.

Thanks,

Berny

View solution in original post

bernyalvarado · ‎07-23-2015

You're welcome Bill! Please let me know how it goes.

Thanks,

Berny

pironbi · ‎07-27-2015

Hi Berny,

I really appreciate all the help.

Still struggling a bit with this. When I create the ACL, it seems too restrictive still. When I say that, I mean, unless you have the eCMDB Admin role AND the installstatus contains "hidden" (99) than you (EVEN IF ECMDB ADMIN) you cannot see any records at all… And, if you have any other role, you cannot see any records.

What I really want to do is have certain roles be able to see every record, including the hidden status, but all other roles see everything BUT hidden status… Does that make any sense?

And if I am not explaining correctly, I apologize!

Thank you so much in advance for all of your help!

Kind regards,

Bill

--

William A. Pirone | Automation, Efficiency & Quality Control | Global Infrastructure Services | IT Services

Ernst & Young LLP

Office: +1 201 872 0219 | Bill.Pirone@ey.com<mailto:Bill.Pirone@ey.com>

Thank you for considering the environmental impact of printing this email.

bernyalvarado · ‎07-27-2015

Hi Bill, indeed it makes sense. The only changes you need to do then are:

Change the prior ACL you created so that its name instead of...

Server [cmdb_ci_server] it then becomes Server [cmdb_ci_server].install_status

By doing this change you will then ONLY apply the ACL to the field install_status of the cmdb_ci_server table.

As for the onBefore onQuery business rule, please make it inactive or delete it since we would not longer need it since that one will restrict all the record.

Thanks,

Berny

pironbi · ‎07-29-2015

Hi Berny,

Thank you for all of your help thus far.

Ive been informed that ACL would not be prudent in our environment due to security constraints. That being said, I tried the following Business rule on before query

function onBefore(current, previous) {

if (!gs.hasRole("ecmdb_admin") && gs.isInteractive()) {

var u = gs.getUserID();

var qc = current.addEncodedQuery("install_status!=99");

gs.print("query restricted to user: " + u);

return qc;

}}

This somewhat works… It does restrict the install status of hidden to everyone and gives them a message that there are no records… The issue is that the ecmdb_admin role still does not see the install_status of hidden. There is no message saying no records to display, it is just a blank space where the record should be. Can you tell me if it is the code I am using? Or possibly steer me in the right direction?

Thank you!!

Kind regards,

Bill

--

William A. Pirone | Automation, Efficiency & Quality Control | Global Infrastructure Services | IT Services

Ernst & Young LLP

Office: +1 201 872 0219 | Bill.Pirone@ey.com<mailto:Bill.Pirone@ey.com>

Thank you for considering the environmental impact of printing this email.

pironbi · ‎07-29-2015

Berny,

No need to go crazy! I figured it out!! I needed to add a few parameters and it works now..

Thank you for all of your help!

Kind regards,

Bill

--

William A. Pirone | Automation, Efficiency & Quality Control | Global Infrastructure Services | IT Services

Ernst & Young LLP

Office: +1 201 872 0219 | Bill.Pirone@ey.com<mailto:Bill.Pirone@ey.com>

Thank you for considering the environmental impact of printing this email.