Incident record (e.g. INC0010001) needs to be visible only to the particular Assignment group members.

praveen1231
Tera Contributor

Hi,

My scenario is: I created a new Record Producer and submitted the record (INC0010001). I added a Record Producer script to set the Assignment group. When I impersonate another user who is not in the assignment group, the record (INC0010001) must not be displayed. The incident record (INC0010001) is to be visible only to assignment group members who are in the incident table's assignment group field. Please let me know if you have any idea regarding this. Thanks

2 ACCEPTED SOLUTIONS

In that case, you are going to need to review your ACLs.

All Read ACLs which contain some relationship to a user in a group or a group itself will need to be checked.

In the condition you can add Assignment group, Is dynamic, One of my groups.

Please make sure you don't edit the ACLs related to, for example, the caller, watchlist, etc., because you will limit the user's ability to see and update their own records.


Help others to find a correct solution by marking the appropriate response as accepted solution and helpful.


Hi @praveen1231,

 

Have you gone through all other incident ACLs? Just creating a new one is not enough.

If any ACL matches, it will give access, so the OOTB ACLs are now probably just saying: this user has the itil or incident_read role, so that user can see all incidents.


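The behaviour described in the accepted answers (any matching read ACL grants access, so adding one group-scoped ACL changes nothing while a role-only ACL still matches) can be seen in a small model. This is an added example, not part of the original thread and not ServiceNow code; the users, groups, ACL names and the evaluation functions are constructed assumptions.

```javascript
// Simplified model, not ServiceNow code. Assumption taken from the answer
// above: a user can read a record if ANY active read ACL on the table passes,
// and an ACL passes when its role requirement AND its condition both hold.

// Constructed sample data (users, groups and ACL names are hypothetical).
const users = {
  alice: { name: 'alice', roles: ['itil'], groups: ['Network'] },
  bob:   { name: 'bob',   roles: ['itil'], groups: ['Database'] },
  carol: { name: 'carol', roles: [],       groups: [] },
};
const incident = { number: 'INC0010001', assignment_group: 'Network', caller: 'carol' };

// Stand-ins for ACL conditions.
const oneOfMyGroups = (u, rec) => u.groups.includes(rec.assignment_group);
const callerIsMe = (u, rec) => rec.caller === u.name;

function aclPasses(acl, user, rec) {
  const roleOk = acl.roles.length === 0 || acl.roles.some((r) => user.roles.includes(r));
  const condOk = acl.condition === null || acl.condition(user, rec);
  return roleOk && condOk;
}

// Names of the ACLs that grant `user` read access to `rec`: the ones to review.
function grantingAcls(acls, user, rec) {
  return acls.filter((a) => a.active && aclPasses(a, user, rec)).map((a) => a.name);
}
const canRead = (acls, user, rec) => grantingAcls(acls, user, rec).length > 0;

// State after only adding a new group ACL: the role-only ACL still grants.
const addedOnly = [
  { name: 'read: itil role only', active: true, roles: ['itil'], condition: null },
  { name: 'read: caller', active: true, roles: [], condition: callerIsMe },
  { name: 'read: one of my groups', active: true, roles: ['itil'], condition: oneOfMyGroups },
];
// State after the review: role-only ACLs get the group condition,
// the caller ACL is left untouched.
const reviewed = addedOnly.map((a) =>
  a.condition === null ? { ...a, condition: oneOfMyGroups } : a);

for (const [label, acls] of [['added only', addedOnly], ['reviewed', reviewed]]) {
  for (const u of Object.values(users)) {
    console.log(label, u.name, grantingAcls(acls, u, incident));
  }
}
```

Listing which ACLs grant access for an impersonated non-member, as `grantingAcls` does here, is the same question the ACL review in the answer asks of the real instance.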

26 REPLIES

Peter Bodelier
Giga Sage

Hi @praveen1231,

 

Do you really need data separation (groups may never see each other's records), or would it be enough to provide default queries, with which groups initially see their own records but have the ability to see others?

There are some downsides to using data separation, especially when groups might have to reassign to other groups.

Is this needed for some records on the incident table for some groups, or for all records, for all groups?
The approach will differ depending on the use case.



@Peter Bodelier yes, I need it for all groups. If the incident is assigned to a particular assignment group, only that particular group's members can see that incident record.

In that case, you are going to need to review your ACLs.

All Read ACLs which contain some relationship to a user in a group or a group itself will need to be checked.

In the condition you can add Assignment group, Is dynamic, One of my groups.

Please make sure you don't edit the ACLs related to, for example, the caller, watchlist, etc., because you will limit the user's ability to see and update their own records.



@Peter Bodelier I'm sorry to say this, but it didn't work. Please refer to the following screenshot to see whether I made any error.