List control based on dynamic roles

hhakkanen · ‎08-18-2015

Hello all,

I am trying to build an application which is used globally but limit visibility by regions and I am currently looking at using roles.

I want users to be able to see the records created (or opened) by a person with the same role. For example, I create a record and I have a role called "Europe". Other users with the same role should see and edit those records. But a user without the role should not see records I have created.

ACL for the table is probably the way to go but how do I script checking of the role?

Thanks,

Henrikki

Thijs Daemen · ‎08-20-2015

gs.getUser().getLocation() returns a sys_id of a cnm_location record. You'll need to retrieve the record first before dot-walking.

var gr = new GlideRecord('cnm_location');

gr.get(gs.getUser().getLocation());

gr.parent.parent; // return region

View solution in original post

Kalaiarasan Pus · ‎08-18-2015

You might still go with the location field on the user record instead of group... Define a script include as below and call it in the filter of your application...

Sample script:

function getLocationUsers()

{

var currentLocation = gs.getUser().getLocation();

var users = [];

var otherUsers = new GlideRecord('sys_user');

otherUsers.addQuery('location',currentLocation);

otherUsers.addActiveQuery();

otherUsers.query();

while(otherUsers.next())

{

users.push(otherUsers.getValue('user_name'));

}

return users.toString();

}

Filter:

hhakkanen · ‎08-18-2015

Thanks for replying.

Yes, going with location is an option. However, you don't get the degree of granularity. There would be ITIL users in the corporate office who should not see records created by other users in the location.

hhakkanen · ‎08-20-2015

I am narrowing it down.

However, now my issue is to dot-walk from the current user's location to his region.

We have a hierarchial locations, like this:

Zurich is a child of Switzerland is a child of Europe.

I want to give visibility to all users in the region with a certain role. Here is my script:

var answer = '';

var currentLocation = gs.getUser().getLocation();

var currentRegion = gs.getElement(currentLocation.parent.parent);

var users = [];

var otherUsers = new GlideRecord('sys_user');

otherUsers.addQuery('location.parent.parent',currentRegion);

otherUsers.addQuery('roles', "x_nyrs2_xtra_tasks.user");

otherUsers.addActiveQuery();

otherUsers.query();

while(otherUsers.next())

{

users.push(otherUsers.getValue('sys_id'));

}

gs.log('HH: '+users.toString());

answer = 'sys_idIN'+users.toString();

return answer;

The line in bold does not work obviously.

How do I dot-walk from the user object to its location's parent's parent?

Kalaiarasan Pus · ‎08-20-2015

Use the current location of the user and do a gliderecord on the location table to get all the child locations and push their sys id to an array. Now, pass the locations found in the first step to the below query

otherUsers.addQuery('location.parent.parent',currentRegion);

Replace as

otherUsers.addQuery('location','IN',location list);