I need to write an ACL for read
04-03-2024 10:45 PM
Hello Expert,
I need to write an ACL (Access Control List) for giving read access on records to the current logged-in user.
Conditions:
1. He is the manager of any group and has the ITIL role, AND
2. He can see the record only if "resolved by" is a member of a group where he is the manager.
For example: if I am the current logged-in user and I am the manager of group X and have the ITIL role, show me only the records resolved by a member of group X.
Note: Please make it achievable by a script include and call the script include from the ACL script.
Thank you!
04-03-2024 11:37 PM
Hi @Chandra18
You can just create an ACL of type record and operation read, and try to write down the script:
```javascript
// Condition 1: Check if the user has the ITIL role.
var hasITILRole = gs.hasRole('itil');
if (!hasITILRole) {
    return false; // Exit if the user doesn't have the ITIL role.
}

// Condition 2: Check if the user is a manager of any group.
var userID = gs.getUserID(); // Get the current user's sys_id.
var groupMgrQuery = new GlideRecord('sys_user_group'); // GlideRecord is sufficient; no aggregate is needed.
groupMgrQuery.addQuery('manager', userID);
groupMgrQuery.query();
if (!groupMgrQuery.hasNext()) {
    return false; // Exit if the user is not a manager of any group.
}

// Condition 3: Check if the record was resolved by a member of the group(s) the user manages.
var userManagedGroups = [];
while (groupMgrQuery.next()) {
    userManagedGroups.push(groupMgrQuery.getUniqueValue()); // Store managed group sys_ids.
}

// 'resolved_by' is assumed to be the reference field (sys_user) to the resolver.
var resolvedByUserID = current.getValue('resolved_by');
if (!resolvedByUserID) {
    return false; // Unresolved record: nobody qualifies as a group member, so deny.
}

var groupMemberQuery = new GlideRecord('sys_user_grmember');
groupMemberQuery.addQuery('user', resolvedByUserID);
groupMemberQuery.addQuery('group', 'IN', userManagedGroups.join(','));
groupMemberQuery.query();
return groupMemberQuery.hasNext(); // true only if the resolver belongs to a group this user manages.
```
Modify the script according to your use case.
Note: Please mark this Helpful and Accepted Solution if this helps you understand. This will help both the community and me.
- Keep Learning
Thanks & Regards
Deepak Sharma
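The same check packaged as a Script Include with the ACL calling it, which is what the question asked for. This is an added example, not code from the thread or from ServiceNow; the class name is an assumption, and the Class, gs and GlideRecord stand-ins plus the sample rows are constructed so it runs in plain Node.js (in ServiceNow, delete the stand-ins and keep only the Script Include and the ACL line).

```javascript
// ---- constructed stand-ins for ServiceNow globals (delete inside ServiceNow) ----
var Class = { create: function () { return function () { this.initialize.apply(this, arguments); }; } };
var SAMPLE = { // constructed sample data: 'mgr' manages g1, 'other' manages g2
  sys_user_group:    [{ sys_id: 'g1', manager: 'mgr' }, { sys_id: 'g2', manager: 'other' }],
  sys_user_grmember: [{ sys_id: 'm1', user: 'alice', group: 'g1' }, { sys_id: 'm2', user: 'bob', group: 'g2' }]
};
function GlideRecord(table) { this.rows = SAMPLE[table] || []; this.filters = []; this.idx = -1; }
GlideRecord.prototype.addQuery = function (field, a, b) {
  var op = b === undefined ? '=' : a, val = b === undefined ? a : b;
  this.filters.push(function (r) { return op === 'IN' ? String(val).split(',').indexOf(r[field]) >= 0 : r[field] === val; });
};
GlideRecord.prototype.query = function () {
  var f = this.filters;
  this.rows = this.rows.filter(function (r) { return f.every(function (p) { return p(r); }); });
};
GlideRecord.prototype.next = function () { return ++this.idx < this.rows.length; };
GlideRecord.prototype.hasNext = function () { return this.idx + 1 < this.rows.length; };
GlideRecord.prototype.getUniqueValue = function () { return this.rows[this.idx].sys_id; };
var gs = { _roles: {}, _uid: '', hasRole: function (r) { return !!this._roles[r]; }, getUserID: function () { return this._uid; } };

// ---- Script Include (global scope, client callable: false); the name is an assumption ----
var ManagedGroupResolverCheck = Class.create();
ManagedGroupResolverCheck.prototype = {
  initialize: function () {},
  // Returns true only when the caller has the itil role, manages at least one group,
  // and resolvedBy (a sys_user sys_id) is a member of one of those groups.
  canRead: function (resolvedBy) {
    if (!gs.hasRole('itil') || !resolvedBy) return false; // unresolved record: deny rather than leak
    var grp = new GlideRecord('sys_user_group');
    grp.addQuery('manager', gs.getUserID());
    grp.query();
    var managed = [];
    while (grp.next()) managed.push(grp.getUniqueValue());
    if (managed.length === 0) return false;
    var mem = new GlideRecord('sys_user_grmember');
    mem.addQuery('user', resolvedBy);
    mem.addQuery('group', 'IN', managed.join(','));
    mem.query();
    return mem.hasNext();
  },
  type: 'ManagedGroupResolverCheck'
};

// ACL script (type record, operation read) that calls the Script Include:
// answer = new ManagedGroupResolverCheck().canRead(current.getValue('resolved_by'));
```

Putting the ITIL role on the ACL's Roles tab, as the next reply suggests, lets you drop the gs.hasRole check from the Script Include.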
04-04-2024 01:20 AM
Hi @Chandra18 ,
For the role you need not write a script; you can specify the role under the Roles tab. The rest is already explained by our colleague.
Please mark helpful/correct if my response helped you.