current.group is not available in write ACL

Jotiram Yadav · ‎02-16-2016

I have created a "write ACL" on "sys_user_grmember" table. In the script part, I am using "current.group" to query a table. But it seems that current.group is returning empty.

Here is the script,

gs.log('groups:'+current.group +" USER :"+gs.getUser().getDisplayName());

var gr = new GlideRecord('table_name');

var qc=gr.addQuery('u_approval_group.sys_id',current.group);

gr.addQuery('u_owned_by.sys_id',gs.getUserID());

gr.query();

if(gr.next()){

answer= false;

}

else{

answer= true;

}

It would be great if anybody could help here.

Thanks in advance.

Regards,

Jotiram

Gurpreet07 · ‎02-16-2016

What is printed in logs . Are you trying to query sysapproval_approver table . if so , you may need to provide the right table name in GlideRecord statement.

Jotiram Yadav · ‎02-16-2016

Thanks for reply.

lets not consider the glide record statement.

If I simply write,

gs.log('Group:'+current.group );

Even this is not getting logged. Here current object is pointing to "sys_user_grmember".

fschuster · ‎02-16-2016

Hi Jotiram,

Current should definitely be available as an object in ACLs. Just in general it's better to work with "getValue", especially when dealing with sys_ids.

E.g. in your case: gs.log(current.getValue('group'));.

However that shouldn't be the problem here. You can enable "Debug Security Rules" (via System Security) and make sure your ACL gets evaluated in the first place.

E.g. if you have a Row ACL on sys_user_grmember (for read/write/delete etc.) it might be the case that one of the system rules hits first and yours doesn't even get evaluated which is why you don't see a log statement.

If you want to quickly test this you can set the "rivaling" out-of-the-box ACL's to inactive and try again - you should see your log message then. Don't forget to reactivate them

Frank