Item variable permission help

RichGK1 · ‎02-20-2020

I have a multiple choice variable that I want to prevent the itil role from being able to modify when it is visible on the task form but I want itil users to be able to add the item and set the choice at the request level.

I set the Write roles to itil_admin but that prevented an itil user from seeing the variable on the task form.

When I try to set itil role to Read roles it won't let me unless I first clear Write roles

I'm a bit confused as to what the logic is here!

Allen Andreas · ‎02-20-2020

Hi,

So the variable permissions carry on after the catalog item, wherever it is shown. So if you have one scenario where you want that role to be able to write, but then not write over here...this permission section won't help you.

My suggestion would be to simply make a UI Policy for this variable, select the "applies on Task" checkbox, and then set that variable to read-only = true.

That way, they can write to it elsewhere, but not on the task level.

Please mark reply as Helpful/Correct, if applicable. Thanks!

Please consider marking my reply as Helpful and/or Accept Solution, if applicable. Thanks!

View solution in original post

Allen Andreas · ‎02-20-2020

Hi,

So the variable permissions carry on after the catalog item, wherever it is shown. So if you have one scenario where you want that role to be able to write, but then not write over here...this permission section won't help you.

My suggestion would be to simply make a UI Policy for this variable, select the "applies on Task" checkbox, and then set that variable to read-only = true.

That way, they can write to it elsewhere, but not on the task level.

Please mark reply as Helpful/Correct, if applicable. Thanks!

Please consider marking my reply as Helpful and/or Accept Solution, if applicable. Thanks!

johnfeist · ‎02-20-2020

Hi Rich,

If I understand your requirement, you want your users who either have no itil role or have the itil_admin role to be able to change the change the variable, but your fulfillers who have the straight itil role need to see that field as read only.

Your best bet would be to work that through a catalog UI Policy script or a catalog Client Script and leave the permissioning out of the variable definition.

Scripting would look something like this:

if (g_user.hasRole("itil") && !g_user.hasRole("itil_admin") {
   g_form.setReadOnly("<your variable name>", true);
}
else {
      g_form.setReadOnly("<your variable name>", false);
}

Hope that helps.

:{)

Helpful and Correct tags are appreciated and help others to find information faster

Community Alums · ‎02-20-2020

It's worth checking what permissions are already granted elsewhere for this to work, this seemed to work fine in PDI.

The only thing i can think of is a clash of some kind.]]

Kind regards

Phil

RichGK1 · ‎02-26-2020

Hi Phil, I found out the issue was caused by the "mandatory" field being ticked on item form which was overriding any attempts to control it on the UI Policy Action.