Deleting approver records on CHG or REQ

Russell Abbott · ‎04-13-2023

I have a requirement to disable the ability for an ITIL user to delete an approver record on a CHG or REQ.

I did put in place a rule to block that however during testing I found that even with this rule in place, an ITIL user can still delete an approver record generated and assigned to them

Before I disable that, are there any noteworthy reasons as to why we may want to keep this? Why would an ITIL user be able to delete any records at all, but more specifically an approver record.

Thanks

Weird · ‎04-14-2023

If you don't have any such scenario, then no, I don't think you need to worry about that. Generally I'm against deleting any records, so I don't see why anyone would let itil do that.

How did you make the first rule? There should be an OOB ACL from 2011 (80d53ebec0a801663cf834370c8376d3) that allows itil users to delete approvals. I'd just inactive the whole rule and create a custom version where itil is removed from and that should block any access they have to delete approvals.

Russell Abbott · ‎04-14-2023

I mis described my solution when I said rule. What I actually did was create a system property

'glide.approvals.restrict_delete', which is referenced in that ACL and set to true. But yes, still, ITIL can delete their own approvals, so I may have to look at further modifying that ACL