How to create an ACL rule to restrict a role from seeing a specific service offering

Go to solution
Rhonda9
Tera Expert

‎12-20-2023 02:22 PM

Hello,

 

How can I modify the Read acl rule to restrict visibility of "IT Customer Service" service offering from users with a specific role "cbt_restriction".  It is restricting access for the role but also snc_internal role (our end users)   .  How can I modify this ACL script to make this happen?

 

 

var answer=true; //Restrict access by default

if( gs.getUser().hasRole('cbt_restriction'));
{
answer=false;
}

Rhonda9_0-1703110831497.png

 

0 Helpfuls
  • 2,315 Views
1 ACCEPTED SOLUTION

Go to solution
Maik Skoddow
Tera Patron
Tera Patron
In response to Rhonda9

‎12-21-2023 04:03 AM

Hi @Rhonda9 

I think you misunderstood ACLs completely. They do not restrict something, they allow something. And you still do not provide all required information, therefore I have to make assumptions.

  • Am I right that you only have one ACL defined, the one you added as a partial screenshot?
  • Am I right that you have added to that ACL one role "snc_internal"?

 

If so, then everything works as expected. Why? Think the other way round! As your ACL only "fires" for "Name" = "IT Customer Service", no other ACLs can grant access and thus all users have no access.

 

My recommendation: If you want to keep only one ACL, you should remove the condition and modify the script as follows:

 

answer = true; 

if (current.name == 'IT Customer Service' && gs.getUser().hasRole('cbt_restriction')) {
  answer = false;
}

 

 Maik

View solution in original post

0 Helpfuls
7 REPLIES 7

Go to solution
Maik Skoddow
Tera Patron
Tera Patron

‎12-21-2023 01:13 AM

Hi @Rhonda9 

sorry, I don't get your point.

What do you mean when saying "It is restricting access for the role but also snc_internal role (our end users)"?

Is this the issue? Is this a requirement? Is this a question?

Please explain it better.

Maik

0 Helpfuls

Go to solution
Rhonda9
Tera Expert
In response to Maik Skoddow

‎12-21-2023 03:51 AM

I want it to restrict access from users with the cbt_restriction role but not all of our end users.  It is also restricting access  from our end users who do not have the custom role "cbt_restriction".

In other words, if a user do not have the cbt_restriction role, they should be able to see the service offering.   Please let me know if you have any more questions and Thank you.

 

0 Helpfuls

Go to solution
Maik Skoddow
Tera Patron
Tera Patron
In response to Rhonda9

‎12-21-2023 04:03 AM

Hi @Rhonda9 

I think you misunderstood ACLs completely. They do not restrict something, they allow something. And you still do not provide all required information, therefore I have to make assumptions.

  • Am I right that you only have one ACL defined, the one you added as a partial screenshot?
  • Am I right that you have added to that ACL one role "snc_internal"?

 

If so, then everything works as expected. Why? Think the other way round! As your ACL only "fires" for "Name" = "IT Customer Service", no other ACLs can grant access and thus all users have no access.

 

My recommendation: If you want to keep only one ACL, you should remove the condition and modify the script as follows:

 

answer = true; 

if (current.name == 'IT Customer Service' && gs.getUser().hasRole('cbt_restriction')) {
  answer = false;
}

 

 Maik

0 Helpfuls

Go to solution
Rhonda9
Tera Expert
In response to Maik Skoddow

‎12-21-2023 05:59 AM

Thank you so much! I do apologize for the confusion.  

0 Helpfuls