The CreatorCon Call for Content is officially open! Get started here.

How to configure ACLs so users can see tickets created by other users in Service Portal?

Go to solution
patricklatella
Mega Sage

‎02-07-2019 10:57 AM

Hi all,

I'm working on a customer service portal, and in the portal I need to allow non-roled users to see a widget called "My company's incidents", and then for them to be able to see all the records on the incident table that have the "company" field set to their company, regardless of who created it.  Is this possible?  The query I have on the widget is correct, but when impersonating users I cannot see the records created by other users.  Anyone know how to do this?

  • 2,750 Views
1 ACCEPTED SOLUTION

Go to solution
DScroggins
Kilo Sage

‎02-07-2019 11:14 AM

Hi Patrick, You can modify the before query business rule "incident query" on the incident table. You can adjust the script to allow users to see the records according to whatever requirements you have. Currently only users who are the caller or opened by can see the incidents if they don't have roles. Once you modify the BR then the incident record will show in portal.

View solution in original post

21 REPLIES 21

Go to solution
DScroggins
Kilo Sage

‎02-07-2019 11:14 AM

Hi Patrick, You can modify the before query business rule "incident query" on the incident table. You can adjust the script to allow users to see the records according to whatever requirements you have. Currently only users who are the caller or opened by can see the incidents if they don't have roles. Once you modify the BR then the incident record will show in portal.

Go to solution
patricklatella
Mega Sage
In response to DScroggins

‎02-07-2019 11:37 AM

thanks so much David!  Yes that seems to be the issue, we've de-activated that business rule and it's working.  So you're saying all the logic necessary to control who can see what records from the incident table can be done here without having to touch any ACLs?

Go to solution
DScroggins
Kilo Sage
In response to patricklatella

‎02-07-2019 01:25 PM

No problem!

No there are also ACL's at play that restrict CRUD activities against the Incident table the before query BR simply removes records that are not applicable for the user to access. When viewing in the normal UI the message "Security constraints removed xxx records" will show when ACLs prevent access. When the BR rule removes records this message isnt shown to end users so they basically get filtered out before the ACLs are run.

Go to solution
patricklatella
Mega Sage
In response to DScroggins

‎02-07-2019 03:42 PM

Excellent David,

thanks so much for the explanation!

0 Helpfuls