ESS Users: Allow users to see group and group member information

Joel_Miller · ‎07-16-2014

I would like to allow users (ESS users) to see the information about the groups that their tickets are assigned to. I want them to see information about the group and the group members. I would imagine this is based on ACLs but I am not sure where to start. Does anyone know how to accomplish this? Have you ever done this or do you know what to do?

Thanks in advance!

TrevorK · ‎07-16-2014

The ACL is the place where the ESS members will need to be granted permission to access the records. If I recall, by default, the ACL for group membership is that you need to have a role (any role) in order to see the records from the group table (gs.getUser().hasRoles()).

If this is the case, the first step is to either grant all your ESS users a role or open up the ACLs on the table to allow anyone to read the records. At the same time, you can restrict what fields they should be able to read (not necessarily because they should not see the information, but it may cause confusion and clutter and ACLs are the recommended way to restrict what people see because they are quicker than UI policies and scripts I believe). Once you have granted them permission through the ACL you just need to make sure your forms are updated to have the necessary group field on them to allow the user to look it up.

So, I guess to start you need to make the decision of whether you will grant all your users a role or change the ACL. The answer to this question seems simple to some (change the ACL) but it depends on how your system is used. For example, if you have different classes of users (students and staff in a university), you may not want students to see the information but it is OK for staff to.

Hope this helps. If you need anything further just reply!

View solution in original post

TrevorK · ‎07-16-2014

The ACL is the place where the ESS members will need to be granted permission to access the records. If I recall, by default, the ACL for group membership is that you need to have a role (any role) in order to see the records from the group table (gs.getUser().hasRoles()).

If this is the case, the first step is to either grant all your ESS users a role or open up the ACLs on the table to allow anyone to read the records. At the same time, you can restrict what fields they should be able to read (not necessarily because they should not see the information, but it may cause confusion and clutter and ACLs are the recommended way to restrict what people see because they are quicker than UI policies and scripts I believe). Once you have granted them permission through the ACL you just need to make sure your forms are updated to have the necessary group field on them to allow the user to look it up.

So, I guess to start you need to make the decision of whether you will grant all your users a role or change the ACL. The answer to this question seems simple to some (change the ACL) but it depends on how your system is used. For example, if you have different classes of users (students and staff in a university), you may not want students to see the information but it is OK for staff to.

Hope this helps. If you need anything further just reply!

Joel_Miller · ‎07-16-2014

Thanks. I think this will do it. However, I had another meeting with our Helpdesk Manager and we decided no to do this yet. However, when we do, I think I have enough information between these two posts.

Thanks!

Subhajit1 · ‎07-16-2014

Hi Joel,

Just adding to what Trevor has said, you also need to provide the ESS Users read access on the sys_user_grmember table through ACLs, ie you need to remove any read restriction on the Records.

Thanks,

Subhajit