How to deny access to RITMs for a Certain Catalog Item?

Su522
Kilo Sage

How can I deny access for all, except for 1 role, to Requested Items (RITMs) for a particular Item (Catalog Item)?

I have a Catalog Item that produces sensitive information. When ordered it creates an RITM. I only want end users with 1 role to be able to see (access) these Requested Item records. 

I've attempted creating an ACL with a Condition of: Item = [my catalog item] and added the wanted role, but this is not working. 

I've attempted a query BR but this is not working.

I think part of the problem is OOB - there are 6 read ACLs on the RITM [sc_req_item] table that allow access to all.

Can someone please help?

Thank you,

Susan

1 ACCEPTED SOLUTION

Su522
Kilo Sage

Here is the solution that worked: 

Create 1 new ACL: read on sc_req_item

Condition:

Item is [my catalog item]

Roles:
[dedicated_role_to allow access]

Filter/Open/Update > all other read ACLs for table: sc_req_item
Add Condition:
Item is not [my catalog item]

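Why adding one new ACL was not enough and why the accepted solution works, shown as an added example that is not part of the original posts: a simplified plain-JavaScript model (not ServiceNow code) in which a record is readable as soon as any one read ACL passes both its role check and its condition. The ACL names, role names and sys_id strings are constructed placeholders, and the model assumes the existing read ACLs are ones the end user already satisfies.

```javascript
// Simplified model of table-level read ACL evaluation (an assumption for
// illustration, not ServiceNow code): the record is readable as soon as ONE
// ACL passes, and an ACL passes only if its role AND its condition both pass.
const SENSITIVE_ITEM = 'sensitive_item_sys_id'; // constructed placeholder

function aclPasses(acl, user, record) {
  const roleOk = acl.roles.length === 0 || acl.roles.some(r => user.roles.includes(r));
  const conditionOk = !acl.condition || acl.condition(record);
  return roleOk && conditionOk;
}

function canRead(acls, user, record) {
  return acls.some(acl => aclPasses(acl, user, record));
}

// Constructed stand-ins for the existing read ACLs that "allow access to all".
const existingAcls = [
  { name: 'oob_read_1', roles: [], condition: null },
  { name: 'oob_read_2', roles: ['itil'], condition: null },
];

// The one new ACL: Item is [my catalog item], dedicated role required.
const newAcl = {
  name: 'sensitive_read',
  roles: ['dedicated_role'],
  condition: rec => rec.cat_item === SENSITIVE_ITEM,
};

// First attempt: only add the new ACL. The existing ACLs still pass.
const firstAttempt = [...existingAcls, newAcl];

// Accepted solution: also add "Item is not [my catalog item]" to every
// other read ACL, keeping any condition the ACL already had.
const acceptedSolution = [
  ...existingAcls.map(acl => ({
    ...acl,
    condition: rec =>
      rec.cat_item !== SENSITIVE_ITEM && (!acl.condition || acl.condition(rec)),
  })),
  newAcl,
];

const endUser = { roles: ['itil'] };
const privileged = { roles: ['dedicated_role'] };
const sensitiveRitm = { number: 'RITM0000001', cat_item: SENSITIVE_ITEM };
const ordinaryRitm = { number: 'RITM0000002', cat_item: 'other_item_sys_id' };

console.log(canRead(firstAttempt, endUser, sensitiveRitm));     // true
console.log(canRead(acceptedSolution, endUser, sensitiveRitm)); // false
```

Any read ACL added to sc_req_item later without the "Item is not" condition reopens access in this model, so the set of read ACLs on the table is worth re-checking after upgrades or plugin activations.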

2 REPLIES

AnveshKumar M
Tera Sage

Hi @Su522 

In these scenarios, a Query BR is the best bet. You can try the following script in your Query BR on the sc_req_item table. There should not be any conditions in the When to Run tab.

In the Advanced Tab:

Condition: !gs.hasRole('YOUR_ROLE_NAME')

Script:

(function executeRule(current, previous /*null when async*/) {
    // Runs only for users without the role (see Condition above):
    // exclude RITMs of the restricted catalog item from every query
    current.addQuery('cat_item', '!=', 'SYS_ID_OF_YOUR_CATALOG_ITEM');
})(current, previous);

Please mark my answer helpful and accept as solution if it helped you 👍

Thanks,
Anvesh
