Hi all,
I've got a single user record "Walkup User" that I need to grant access to view and add "Additional Comments" to any record on the incident table regardless of who opened the ticket. The use case is that I've built a service portal that is meant to act like a walk up self help kiosk. The portal will be logged in all the time by this "Walkup User", and I need the person who is at the kiosk to be able to view any incident in the system and add "Additional Comments".
To do this, I've created a new role "walkup_user", and I've given the role to the "Walkup User" user record.
I've then created 4 new ACLs and added the "walkup_user" role to each ACL.
- write ACL to the [incident] table
- read ACL to the [incident] table
- write ACL to the "Additional Comments" field on [incident] table
- read ACL to the "Additional Comments" field on [incident] table
These 4 ACLs are all set to only the "walkup_user" role. And the "Walkup User" has only this role. With these ACLs, the "Walkup User" can still only see the incidents that have the caller "Walkup User".
What am I missing? thanks!
This has been solved...I needed to update the OOB "incident query" Business Rule to accommodate for my user. My initial 4 ACLs were correct, and I also needed the "incident.*" for "read" access. So with the 5 ACLs, and the update to the Business Rule, I was able to grant the single role "walkup_user" to the user and grant the access to see all incidents in the ESS view, and add "Additional Comments" to any incident record.
Here are the ACLs I created...these all have no conditions, Role set to my "walkup_user" role, with no script. I did not need to update any OOB ACLs.
Here's the updated code in the BR:
if (!gs.hasRole("itil") && gs.isInteractive() && gs.getUserID() != '0c1aa4d0db1c3f002b6a894d0b9619ab')//sys_id for Walk-up User
{
var u = gs.getUserID();
var qc = current.addQuery("caller_id", u).addOrCondition("opened_by", u).addOrCondition("watch_list", "CONTAINS", u);
gs.print("query restricted to user: " + u);
}
