How can I get users to select from a list of inactive users?

neil_b · ‎02-10-2025

I have a record producer where users may select from a list of inactive users to revoke their software license if they are no longer with the company.

The variable on the record producer (which is writing to the request table) is a reference variable looking at the sys_user table with a reference qualifier to display inactive users. I can see inactive users while accessing the record producer because I am an Admin but if I impersonate a regular user, they cannot see inactive users. I need users that are part of the IT Dept (User Group) to be able to select inactive users so they can proceed with revoking software licenses.

I saw that there was a before business rule called [user_query] that controls this, but I don't want to mess with it as it is a high priority file type, so I resorted to using an ACL thus, I created one for READ on the sys_user table. I set the script to the following:

if(gs.getUser().isMemberOf('IT Department')) {
	answer = true;
}else{
	answer = false;
}

When impersonating, I am still not able to see inactive users. Can someone help me with my ACL?

Viraj Hudlikar · ‎02-10-2025

Hello @neil_b

Even if you write ACL query br will come in picture and it will still not allow to see inactive records. You will need to modify br by having condition is login user member of group you need to see inactive records also.

If my response has helped you hit helpful button and if your concern is solved do mark my response as correct.

Thanks & Regards

Viraj Hudlikar.

View solution in original post

jcmings · ‎02-10-2025

I agree with your hesitance to add the user_admin role to the IT Department group.

You can further analyze what ACLs are being failed by searching for the Debug Security Rules module. After clicking that module, a pop-up should appear, and you can impersonate your user, access the record producer, and click into the reference variable; you should see exactly which ACLs are firing.