Hi Everyone, our team is creating a widget in a scoped application and am running into some ACL issues.   In the back end, we've created a test group that contains a test role and included three users.   The test role does not contain any other roles.

In our case table, we created a read ACL that will grant read access only if a user is in the test group:

This works perfectly in the backend and our Case list filters correctly, however our widget does not display any records.   We're using GlideRecordSecure as recommended in other posts:

var onbCase = new GlideRecordSecure('x_dnf_onboarding_case');

onbCase.query();

while(onbCase.next()){

data.onbCase.push({

number: onbCase.getDisplayValue('number'),

user: onbCase.getDisplayValue('hr_profile'),

start_date: onbCase.getDisplayValue('hr_profile.employment_start_date'),

short_description: onbCase.getDisplayValue('short_description'),

selected: false,

case_visible: true

})

}

Any suggestions on what's going on here?    

EDIT: After running through a couple scenarios, it looks like GlideRecordSecure doesn't work with a dynamic condition.   In the first scenario, we declared our ACL as must having the test role and the condition must be test_group is dynamic to one of the groups the user is in:

When we impersonate a user with the qualifications, it yields no records in our widget:

However, if we changed our condition to not be dynamic...

We get the correct records showing up:

In both cases, the back end list view is correct:

Has anyone else experienced this?   We're wondering if this is a SN bug or there's something we're not doing correctly in the ACL or GlideRecordSecure.   Thanks!