How to Control Record Access

chanikya
Kilo Sage

Hi All,
Kindly let me know how I can fix this issue.

We have a total of 17 lakh records in the Incident table.


✅ Direct Incident assignees: 1. See and access Incidents that are directly assigned to them.
2. Get access to incidents where the Complex checkbox = false (regardless of assignment), but should not get access to incidents where Complex = true.
✅ Task assignees see only the Incidents (regardless of the Complex value) that have a Task assigned to them. (The Complex field does not limit access here.)
✅ Admins and ITIL users see everything.


Query Business Rule: I'm not sure where I'm going wrong. Sometimes the table does not load when I impersonate the test user, sometimes he loses access to all incidents, and sometimes he gets access to all incidents.

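/**
 * Before-query business rule that narrows which Incident rows a user can query.
 *
 * - Users with the admin or itil role: no restriction is added.
 * - Members of the groups named in the `incident.access.groups` property:
 *   restricted to incidents that are the parent of a `ticket` record assigned
 *   to them, plus non-complex incidents they are assigned to or opened.
 * - Everyone else: no restriction is added (see the NOTE(review) below).
 *
 * NOTE(review): a query business rule only adds conditions to the query; confirm
 * that read ACLs on the table enforce the same policy so the two cannot drift.
 *
 * @param {GlideRecord} current  the query being built; conditions are added to it
 * @param {GlideRecord} previous unused here
 */
(function executeRule(current, previous /*null when async*/ ) {

    /**
     * Reads the comma-separated group names from the system property.
     * @returns {string[]} trimmed, non-empty group names (possibly an empty array)
     */
    function getAccessGroupList() {
        // The original key had a trailing space ('incident.access.groups '), so the
        // lookup could miss the property and silently fall back to the '' default.
        var prop = gs.getProperty('incident.access.groups', '') || '';
        return prop.split(',').map(function(name) {
            return name.trim();
        }).filter(function(name) {
            // ''.split(',') yields [''], which must not reach the IN query below.
            return name.length > 0;
        });
    }

    /**
     * Checks whether the current user belongs to at least one of the named groups.
     * @param {string[]} groupNames group names to test membership against
     * @returns {boolean} true when at least one membership row exists
     */
    function isUserInGroups(groupNames) {
        // No configured groups means nobody is a member; skip the query entirely.
        if (!groupNames || groupNames.length === 0) {
            return false;
        }
        var agg = new GlideAggregate('sys_user_grmember');
        agg.addQuery('user', gs.getUserID());
        agg.addQuery('group.name', 'IN', groupNames.join(','));
        agg.addAggregate('COUNT');
        agg.query();
        return agg.next() && parseInt(agg.getAggregate('COUNT'), 10) > 0;
    }

    if (gs.getUser().hasRole('admin') || gs.getUser().hasRole('itil')) {
        return;
    }

    if (!isUserInGroups(getAccessGroupList())) {
        // NOTE(review): this path fails open. A user who is neither admin/itil nor
        // in a configured group (or any user when the property is empty or not
        // found) gets no filter from this rule and can query every incident unless
        // ACLs stop them. Decide the intended default and add an explicit
        // restriction here if these users should not see all rows.
        return;
    }

    var userId = gs.getUserID();
    var seenParents = {};
    var visibleIncidentIds = [];

    // Collect the distinct parents of tickets assigned to this user.
    // NOTE(review): the post says the table holds about 17 lakh records; a user with
    // many assigned tickets produces a long sys_idIN list on every incident query,
    // which may be related to the list not loading. Worth measuring.
    var taskGR = new GlideRecord('ticket');
    taskGR.addQuery('assigned_to', userId);
    taskGR.addNotNullQuery('parent');
    taskGR.query();
    while (taskGR.next()) {
        var incidentId = taskGR.getValue('parent');
        if (incidentId && !seenParents[incidentId]) {
            seenParents[incidentId] = true;
            visibleIncidentIds.push(incidentId);
        }
    }

    // NOTE(review): the stated requirement grants access to every non-complex
    // incident "regardless of assignment"; this rule additionally requires the
    // user to be the assignee or opener. Confirm which one is intended.
    if (visibleIncidentIds.length > 0) {
        // The original joined opened_by with '^' (AND), which required the user to
        // be both assignee and opener and disagreed with the else branch; '^OR'
        // makes both branches express (assigned_to OR opened_by) AND u_complex=false.
        // NOTE(review): '^NQ' starts a new top-level OR query; test how it combines
        // with filter conditions that are already present on `current`.
        var encodedQuery = 'sys_idIN' + visibleIncidentIds.join(',') +
            '^NQassigned_to=' + userId +
            '^ORopened_by=' + userId +
            '^u_complex=false';
        current.addEncodedQuery(encodedQuery);
    } else {
        var qc = current.addQuery('assigned_to', userId);
        qc.addOrCondition('opened_by', userId);
        current.addQuery('u_complex', false);
    }

})(current, previous);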




Kindly help me.

