
Manage access via configuration

Sandhya23
Tera Guru

I have an ACL that restricts the deletion of incidents in the incident table to just a couple of groups. However, as requirements change and additional user groups need access to the delete functionality, I must update the code to add these new groups. Is there a way to manage this through configuration, so we don't have to modify the ACL directly each time a new group needs access?

8 REPLIES

Sandhya23
Tera Guru

 the below script in the ACL (for delete incident table). I impersonated one of the users who belongs to the group mentioned in the system property, but I am still restricted from deleting. Is anything wrong with my code below?

 

// Retrieve the allowed groups from the system property
var allowedGroups = gs.getProperty('incident.delete.groups');
if (allowedGroups) {
    // Convert the comma-separated string to an array
    var groupsArray = allowedGroups.split(',');

    // Get the user's groups
    var userGroups = gs.getUser().getMyGroups().toArray();

    // Check if any of the user's groups are in the allowed groups list
    for (var i = 0; i < userGroups.length; i++) {
        if (groupsArray.indexOf(userGroups[i]) != -1) {
            // If the user belongs to an allowed group, allow the deletion
            answer = true;
            break;
        }
    }
}

// If no allowed group is found or the property is not set, deny the deletion
answer = false;
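
Added example (not part of the original post, and not ServiceNow's own code): in the script above the final `answer = false;` runs unconditionally, so a match found in the loop is overwritten. The sketch below sets the deny default first and only then checks membership. `canDeleteIncident` and `makeStubGs` are hypothetical names, the group values are constructed placeholders, and it assumes `isMemberOf()` accepts the sys_ids stored in the property.

```javascript
// Added example: default-deny group check for an ACL script.
// `gs` is passed in so the logic can be exercised outside an instance;
// in a real ACL script the platform provides `gs` and reads `answer`.
function canDeleteIncident(gs, propertyName) {
    // Deny first; only an explicit match below can grant access.
    var allowed = false;

    var raw = gs.getProperty(propertyName, '');
    // String() coerces Java strings returned by server-side APIs to JS strings.
    var groups = String(raw).split(',');

    var user = gs.getUser();
    for (var i = 0; i < groups.length; i++) {
        var groupId = groups[i].trim();   // tolerate "a, b" formatting
        if (groupId === '') {
            continue;                     // empty property or stray comma grants nothing
        }
        if (user.isMemberOf(groupId)) {
            allowed = true;
            break;
        }
    }
    return allowed;
}

// Constructed stand-in for the platform `gs` object (sample data, not real sys_ids).
function makeStubGs(propertyValue, memberOf) {
    return {
        getProperty: function (name, fallback) {
            return propertyValue === null ? fallback : propertyValue;
        },
        getUser: function () {
            return {
                isMemberOf: function (group) {
                    return memberOf.indexOf(group) !== -1;
                }
            };
        }
    };
}

// In the ACL script itself the last line would be:
// answer = canDeleteIncident(gs, 'incident.delete.groups');
```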

Mark Manders
Mega Patron

Why use a complex script to get the same result as a simple configuration on the same ACL, without scripting? Security attribute conditions will enable you to add groups. Both system properties and ACLs need to be updated moving from DEV to PROD, so the only upside is that it can be changed by someone without Security Admin privileges.

Possible issue with the script, although I would move away from it: how are you setting the system property? Are you validating on name, or on sys_ids?


Please mark any helpful or correct solutions as such. That helps others find their solutions.
Mark

Hi Mark,

 

Thank you for the follow-up.

How can I check the logged-in user's group in the conditions? We can only select the group on the incident form but not the groups that the logged-in user belongs to. This is why I chose to use a script where I can check if the logged-in user is a member of the groups (as per the requirement) and if yes return true so that the user can delete the incidents. Since the groups are changing now and then, I decided to keep them in the system property to make it more dynamic and fetch them in the script.

I am keeping the sys ids of the required groups in the value fields of the system property. But the above code is not working for me.

It's like I already mentioned:
Use the Security Attribute Condition (1) on local (2) and select 'Group' (3) to select the group the users need to be a member of. The 'Data Conditions' can be used for assignment group and such, but the security attributes are for group membership.

MarkManders_0-1722864243198.png

 


Please mark any helpful or correct solutions as such. That helps others find their solutions.
Mark