How can I conditionally control access to a request based on group?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-12-2024 09:41 AM
I have a business requirement to keep HR requests and incidents from anyone viewing the tickets unless they are a member of the HR group or the person who opened the ticket. I thought I could easily do that with an ACL, but I'm wrong.
The requirement is for all RITM, SCTASK, INC tickets that are assigned to HR, only HR and the person who opened the ticket can view the ticket and only HR can fulfill the ticket. There isn't a restriction if the ticket doesn't belong to HR, OOB ACL rules should apply.
My goal was to leave the OOB ACL rules for these tables as is and only add ACLs for the HR requirements.
Can someone give me some direction, please?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-12-2024 09:51 AM
Hi @gjz ,
you can write query business rule, add query like
current.addQuery(gs.getUser().isMemberOf(‘HR’) or created by me
if you want to check for all group then you can use onOffMyGroup()
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-12-2024 10:21 AM
Hi,
you can create ACL for the RITM, SCTASK, INC tables with the checking if a current user member of HR group: gs.getUser().isMemberOf(‘HR’). If user is non a member of HR or person who opened the RITM, TASK, INC - record will be hidden
