How to write business rule to restrict the visibility access to records for users depending on roles
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎09-28-2023 07:05 AM - edited ‎09-28-2023 07:15 AM
I created a new user role called "user_admin." This role should be checked when granting elevated privileges. Data should only be accessible to users with this new role, while others should be denied access. For example if there are 2 admins one with user_data role should have the access when he elevate the role to security_admin and other without the role should not get the access when he elevate to security_admin. Can someone help me to correct the below BR?
var source = 'Test';
var user = gs.getUser();
var queryFilterUtils = new queryFilteringUtils(user);
if (!gs.hasRole("itil") && !gs.hasRole("security_admin") && !gs.hasRole("itil_admin") && gs.isInteractive()) {
gs.log(user.getDisplayName() + ' is a customer', source);
current.addEncodedQuery(
queryFilterUtils.getTaskEncodedQueryForCustomer());
} else if (!gs.hasRole("security_admin"))
current.addEncodedQuery(
queryFilterUtils.getTaskEncodedQueryForItil());
} else {
gs.log(user.getDisplayName() + ' is an admin', source);
}
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎09-28-2023 07:19 AM
Try to use gs.hasRoleExactly('') because gs.hasRole is bypass by admin role meaning that if you have admin it will always be true
If that doesn't make difference you can try to put the encodedQuery directly on the business rule rather than on a script include
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎09-28-2023 07:28 AM
Hello Mechael
It doesn't work when i use gs.hasRoleExactly('')
