Give Read ACL to RITM based on condition

AbidJafrey
Tera Contributor

Hi all,

 

I have a requirement where I need to give a read ACL on the RITM table where there is a condition Service Provider = MY_value. This ACL already exists with the role ITIL_HR; I need it to be added to a new role, and even admin should not be able to view these RITMs.

I have tried to uncheck admin override and add my new role to that ACL, but it doesn't seem to work. Can someone help me with this?

4 REPLIES

nityabans27
Giga Guru

Hi @AbidJafrey ,

Faced a similar issue before — adding a role and unchecking "admin overrides" alone didn’t work.

Fix was:

  1. Scripted ACL on sc_req_item with logic:

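    // Deny by default
    answer = false;
    var allowed = ['itil_hr', 'your_custom_role'];
    // Grant read only when the user passes the role check and the service provider matches
    if (allowed.some(r => gs.hasRole(r)) && current.service_provider == 'MY_value') {
        answer = true;
    }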
  2. Unchecked "Admin overrides" – this blocks admin from bypassing.

  3. Tested with non-admin users (don’t impersonate).

  4. For backend GlideRecord access, added a Before Query BR to abort access if roles don’t match.

This fully restricted RITMs even from admins when service provider matched.


If you find my reply helpful please accept it as a solution. 

Thanks and regards
Nitya Bansal
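
An added example, not part of the original replies: the scripted-ACL decision from step 1 and the before-query restriction from step 4, written to run in Node against constructed stand-ins for `gs` and the query object. `gs.hasRole()` also returns true for users who hold admin, so the example contrasts it with a check against an explicit role list; the `explicitRoles` array and all helper names are assumptions, and how that list is obtained on an instance (for example from sys_user_has_role) is left open.

```javascript
// Added example; gs and the query object are constructed stand-ins so this runs in Node.
const RESTRICTED_PROVIDER = 'MY_value';                 // value used in the thread
const ALLOWED_ROLES = ['itil_hr', 'your_custom_role'];  // role names from the thread

// Stand-in for gs: like the platform's gs.hasRole(), true for any role if the user is admin.
const makeGs = (explicitRoles) => ({
  hasRole: (r) => explicitRoles.includes('admin') || explicitRoles.includes(r),
});

// Role test as written in the thread's ACL script.
const hasRoleCheck = (gs) => ALLOWED_ROLES.some((r) => gs.hasRole(r));

// Exact test: only roles actually granted to the user count, so admin alone fails.
const exactRoleCheck = (explicitRoles) => ALLOWED_ROLES.some((r) => explicitRoles.includes(r));

// Read ACL answer for one RITM: grant only on the restricted provider, to allowed roles.
function aclAnswer(roleOk, ritm) {
  return roleOk && ritm.service_provider === RESTRICTED_PROVIDER;
}

// Stand-in for `current` in a before-query rule: records addQuery() conditions
// (only the '!=' operator is modelled) and applies them to constructed rows.
function makeQuery(rows) {
  const conds = [];
  return {
    addQuery: (field, op, value) => { conds.push({ field, op, value }); },
    run: () => rows.filter((row) => conds.every((c) => row[c.field] !== c.value)),
  };
}

// Before-query logic: without an allowed role, restricted rows are filtered out of
// the query itself, so backend GlideRecord reads are covered as well.
function restrictQuery(explicitRoles, current) {
  if (!exactRoleCheck(explicitRoles)) {
    current.addQuery('service_provider', '!=', RESTRICTED_PROVIDER);
  }
}

// Constructed sample rows.
const SAMPLE_RITMS = [
  { number: 'RITM0000001', service_provider: 'MY_value' },
  { number: 'RITM0000002', service_provider: 'other' },
];

function visibleTo(explicitRoles) {
  const query = makeQuery(SAMPLE_RITMS);
  restrictQuery(explicitRoles, query);
  return query.run().map((r) => r.number);
}
```

With `['admin']` as the only explicit role, `hasRoleCheck` passes while `exactRoleCheck` fails, and `visibleTo` returns only the unrestricted RITM.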

Hi Nitya,


Thanks for your response. Can you help me with:

  1. Tested with non-admin users (don’t impersonate). - Does "don't impersonate" mean asking the users to test?

  2. For backend GlideRecord access, added a Before Query BR to abort access if roles don’t match. - Could you help with the script and what it does?

@AbidJafrey 
No need to. For 1., you create a new user, give them the roles, and in the list view you can get that user's password; these credentials are to be used for logging in. And don't forget to deactivate and remove the roles after your test is completed.

 

———
/* If my response wasn’t a total disaster ↙️ drop a Kudos or Accept as Solution ↘️ Cheers! */


Nishant8
Giga Sage

Hello @AbidJafrey, can you please update the following script in the Script section of the ACL and verify? Keep the admin override unchecked.

    answer = !gs.getUser().hasRole('admin');

 

Regards,

Nishant