- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-15-2023 06:28 AM
Hello guys!
I am currently facing a unique challenge and would greatly appreciate your expertise and assistance in resolving it. My task involves creating an Access Control List (ACL) rule that allows users belonging to the role "sn_customerservice.customer" to view other accounts based on a specific condition.
The Scenario:
In our system, we have a custom field called "u_field" within the account records. What I'm aiming to achieve is the ability for users within the "sn_customerservice.customer" role to view accounts that share the same value in the "u_field" as their own account. To illustrate, let's consider an example:
- User's Account: u_field = "A"
- Another Account: u_field = "A"
In this scenario, I would like the user to have permission to access and view the "Another Account" due to the matching value of "u_field."
Thank you!
#csm #code #acl
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-22-2023 01:13 PM
Hi Bert! I resolved it by using other way. I noticed that some ACLs were using query rules, so I scripted an script include to return a list with sys_ids and then I add another OR codition on that query rule with "javascript: " and it works!
But thank you for all your support
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-15-2023 07:45 AM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-15-2023 10:35 AM
a record in customer_account table
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-15-2023 01:40 PM - edited 08-15-2023 03:22 PM
Hi @boazbenicio,
You can try defining the following script include:
The script is:
function GetUsersUField(usersId) {
var uField = '';
var custAccounts = new GlideRecord('customer_account');
custAccounts.addQuery('contact', usersId);
custAccounts.query();
gs.info("GetUsersUField: Found " + custAccounts.getRowCount() + " records for user: " + usersId);
// we only care about the first
if (custAccounts.next()) {
//get the u_field value
uField = custAccounts.u_field;
}
gs.info("GetUsersUField: Returning: " + uField + ".");
return uField;
}
I only found the the 'contact' field on customer_account that is a reference to the Users table. So that is used above to find the 'u_field' value from a customer_account record.
And script in the ACL:
answer = false;
var uField = GetUsersUField(gs.getUserID());
if (current.u_field == uField)
answer = true;
Hard for me to test as I don't have data in the customer_account table.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-22-2023 01:13 PM
Hi Bert! I resolved it by using other way. I noticed that some ACLs were using query rules, so I scripted an script include to return a list with sys_ids and then I add another OR codition on that query rule with "javascript: " and it works!
But thank you for all your support