Help scripting in a Custom ACL Rule

boazbenicio · ‎08-15-2023

Hello guys!

I am currently facing a unique challenge and would greatly appreciate your expertise and assistance in resolving it. My task involves creating an Access Control List (ACL) rule that allows users belonging to the role "sn_customerservice.customer" to view other accounts based on a specific condition.

The Scenario:
In our system, we have a custom field called "u_field" within the account records. What I'm aiming to achieve is the ability for users within the "sn_customerservice.customer" role to view accounts that share the same value in the "u_field" as their own account. To illustrate, let's consider an example:

- User's Account: u_field = "A"
- Another Account: u_field = "A"

In this scenario, I would like the user to have permission to access and view the "Another Account" due to the matching value of "u_field."

Thank you!

#csm #code #acl

boazbenicio · ‎08-22-2023

Hi Bert! I resolved it by using other way. I noticed that some ACLs were using query rules, so I scripted an script include to return a list with sys_ids and then I add another OR codition on that query rule with "javascript&colon; " and it works!

But thank you for all your support

View solution in original post

Samaksh Wani · ‎08-15-2023

Hello @boazbenicio

What do you mean by accounts, can you explain a bit more on this.

boazbenicio · ‎08-15-2023

a record in customer_account table

Bert_c1 · ‎08-15-2023

Hi @boazbenicio,

You can try defining the following script include:

The script is:

function GetUsersUField(usersId) {
	var uField = '';
	var custAccounts = new GlideRecord('customer_account');
	custAccounts.addQuery('contact', usersId);
	custAccounts.query();
	gs.info("GetUsersUField: Found " + custAccounts.getRowCount() + " records for user: " + usersId);
	// we only care about the first
	if (custAccounts.next()) {
		//get the u_field value
		uField = custAccounts.u_field;
	}

	gs.info("GetUsersUField: Returning: " + uField + ".");
	return uField;
}

I only found the the 'contact' field on customer_account that is a reference to the Users table. So that is used above to find the 'u_field' value from a customer_account record.

And script in the ACL:

answer = false; 
var uField = GetUsersUField(gs.getUserID());
if (current.u_field == uField)
	answer = true;

Hard for me to test as I don't have data in the customer_account table.

boazbenicio · ‎08-22-2023

Hi Bert! I resolved it by using other way. I noticed that some ACLs were using query rules, so I scripted an script include to return a list with sys_ids and then I add another OR codition on that query rule with "javascript&colon; " and it works!

But thank you for all your support