Further Access restrictions - Global table records

Page22
Tera Contributor

I have a requirement where the client wants to implement additional restrictions on access to global scope tables. Currently, users with the catalog_admin role can read records from tables like question and question_answer, which are in the global scope. The goal is to ensure that catalog_admin users tied to specific departments (e.g., Finance) can only access records relevant to their department, like Finance, and cannot access records belonging to other departments such as Procurement or HR.

What’s the best approach to implement this type of department-based restriction while preserving the catalog_admin role? Are there recommended methods for using ACLs or scripting conditions to enforce department-specific access restrictions?


Akash4
Kilo Sage

Hello, 
Assuming the records (whatever the tables are) are populated with a Department field, and ensuring that non-populated fields are treated as the Global department. User profiles are also populated with their Dept field.

The solution is to create Dept-specific ACLs. Under System Security > Access Control, create a new ACL of type Read with the table name (hopefully it's not more than 10 tables), add the role catalog_admin, and in the advanced script:

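// ACL scripts report their result through the 'answer' variable;
// a top-level 'return' is not valid here.
if (gs.hasRole('catalog_admin')) {
    var userDept = gs.getUser().getDepartmentID();   // sys_id of the user's department
    var recordDept = current.getValue('department'); // sys_id of the record's department
    answer = (userDept == recordDept); // true only when the departments match
} else {
    answer = false;
}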

 

Regards, Akash
If my response proves useful, please mark it "Accept as Solution" and "Helpful". This action benefits both the community and me.
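
The department check described in the reply above, as an added example (not part of the reply and not ServiceNow code) that can be exercised outside an instance. It assumes that a record with an empty department counts as Global and stays readable to every catalog_admin, and that a catalog_admin with no department on their profile sees only Global records; `makeGs`, `makeRecord`, `departmentReadAllowed`, `visibleTo` and the sys_id values are hypothetical names and constructed data.

```javascript
// Stand-ins for the platform's gs and current objects (hypothetical helpers,
// so the logic runs in plain JavaScript); all sys_id values are constructed.
function makeGs(roles, departmentId) {
    return {
        hasRole: function (role) { return roles.indexOf(role) !== -1; },
        getUser: function () {
            return { getDepartmentID: function () { return departmentId; } };
        }
    };
}

function makeRecord(fields) {
    return {
        getValue: function (name) {
            return Object.prototype.hasOwnProperty.call(fields, name) ? fields[name] : null;
        }
    };
}

// Value the ACL script body would assign to `answer`.
function departmentReadAllowed(gs, current) {
    if (!gs.hasRole('catalog_admin')) {
        return false;                   // the role is still required
    }
    var recordDept = current.getValue('department');
    if (!recordDept) {
        return true;                    // assumption: empty department = Global record
    }
    var userDept = gs.getUser().getDepartmentID();
    if (!userDept) {
        return false;                   // no department on the profile: fail closed
    }
    return String(userDept) === String(recordDept); // compare sys_ids as strings
}

// Constructed rows standing in for question / question_answer records.
var FINANCE = 'fin00000000000000000000000000001';
var HR = 'hr000000000000000000000000000001';
var records = [
    { name: 'finance question', rec: makeRecord({ department: FINANCE }) },
    { name: 'hr question', rec: makeRecord({ department: HR }) },
    { name: 'global question', rec: makeRecord({ department: '' }) }
];

// Names of the constructed rows the given user would be allowed to read.
function visibleTo(gs) {
    return records.filter(function (r) { return departmentReadAllowed(gs, r.rec); })
        .map(function (r) { return r.name; });
}
```

In an ACL's script field, the body of `departmentReadAllowed` would assign to `answer` in place of each `return`.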