Make Request visible to Requester, Approver and Fulfiller only

DebjitGhosh31
Tera Contributor

Hi,

I want to add access control to a specific catalog item, so that once the requestor raises a request, that request/RITM/sctask is visible only to the requestor who raised the request, the specific group assigned to fulfill the task, and the approval group. Any other person should not be able to access the request.

How can I achieve this so that it doesn't affect my other catalog items?

Any suggestions please.

Regards,

Debjit

3 REPLIES

Manmohan K
Tera Sage

@DebjitGhosh31

You can create Read ACLs with a condition that applies to the particular catalog item, and use a script in the ACL to limit access to particular entities.

Sample code

// Only requestor, fulfillment group members, and approval group members can access

  var answer = false;
  var currentUserID = gs.getUserID();
  var currentGroupID = gs.getUser().getMyGroups().toString();
  // Coerce the reference fields to plain sys_id strings before comparing
  var assignmentGroup = current.assignment_group + '';
  var approvalGroup = current.approval_group + '';

  // Condition 1: Requestor can access the record
  if (currentUserID == current.request.requested_for) {
    answer = true;
  }

  // Condition 2: Fulfillment group members can access the record
  // (skip an empty field: indexOf('') returns 0 and would match every user)
  if (assignmentGroup && currentGroupID.indexOf(assignmentGroup) > -1) {
    answer = true;
  }

  // Condition 3: Approval group members can access the record
  if (approvalGroup && currentGroupID.indexOf(approvalGroup) > -1) {
    answer = true;
  }

  

Hi Manmohan,

Thanks for the response.

I have created a READ ACL on sc_req_item table (sc_req_item.none) with the following condition - 

Item IS <required_catalog_name>

And the script is the following - 

var answer = false;
var loggedusr = gs.getUserID();
var isRequestor = false;

if (loggedusr == current.requested_for || loggedusr == current.variables.requested_for) {
    isRequestor = true;
}

var isApprover = gs.getUser().isMemberOf('Approver Group Name');
var isFulfiller = gs.getUser().isMemberOf('Fulfiller Group Name');

if (isRequestor || isApprover || isFulfiller) {
    answer = true;
} 

But the above setup is not working and the RITM is still available to users who aren't an approver/requestor/fulfiller.

Not sure what I am doing wrong?

Would appreciate your help.

Thanks and Regards,

Debjit

Manmohan K
Tera Sage

@DebjitGhosh31

If there are other existing Read ACLs that provide access, then it will not work.

You would have to edit the other ACLs as well to make sure they don't grant access.
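
Added example, not part of the original thread and not ServiceNow code: a small stand-alone JavaScript model of the point in the last reply, that a new restrictive read ACL changes nothing while another read ACL on the same table still passes. The rule modelled (role, condition and script must all pass within one ACL; one passing ACL is enough across ACLs) is simplified to a single table, and every ACL, user and record below is constructed for illustration.

```javascript
// Simplified model of read-ACL evaluation on one table (illustrative only):
// inside one ACL, role AND condition AND script must pass;
// across ACLs for the same table and operation, ONE passing ACL grants access.
const ITEM = "restricted_item"; // constructed catalog item id

function aclPasses(acl, user, record) {
  const roleOk = acl.roles.length === 0 || acl.roles.some(r => user.roles.includes(r));
  return roleOk && acl.condition(record) && acl.script(user, record);
}

function canRead(acls, user, record) {
  return acls.some(acl => aclPasses(acl, user, record));
}

// The new ACL from the thread: scoped to one item, allows three parties.
const restrictive = {
  name: "sc_req_item (restricted item)",
  roles: [],
  condition: rec => rec.cat_item === ITEM,
  script: (u, rec) =>
    u.id === rec.requested_for ||
    (rec.assignment_group !== "" && u.groups.includes(rec.assignment_group)) ||
    (rec.approval_group !== "" && u.groups.includes(rec.approval_group)),
};

// Constructed pre-existing ACL that grants read to every user with a role.
const broad = { name: "sc_req_item (itil)", roles: ["itil"], condition: () => true, script: () => true };

// The same ACL with its condition narrowed so it no longer covers the item.
const broadNarrowed = { ...broad, condition: rec => rec.cat_item !== ITEM };

// Constructed sample data.
const ritm = { cat_item: ITEM, requested_for: "u_req", assignment_group: "g_fulfil", approval_group: "g_appr" };
const otherRitm = { ...ritm, cat_item: "laptop" };
const requester = { id: "u_req", roles: [], groups: [] };
const fulfiller = { id: "u_ful", roles: ["itil"], groups: ["g_fulfil"] };
const outsider = { id: "u_out", roles: ["itil"], groups: ["g_other"] };

// Read decision for requester, fulfiller and outsider on the restricted RITM.
function report(acls) {
  return [requester, fulfiller, outsider].map(u => canRead(acls, u, ritm));
}

console.log("before:", report([restrictive, broad]));         // outsider still reads
console.log("after: ", report([restrictive, broadNarrowed])); // outsider blocked
```

The narrowed ACL still grants the outsider read access to requests for other catalog items, so the other items are unaffected.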