Need comments: ACL script change on sys_user_group table

nirwan_ritik
Tera Contributor

‎10-17-2023 08:25 AM

Hello all, we have a read ACL on sys_user_group (Group Table). The purpose of it is to give read access to the users who are having at least one role.

 
We had below script before the UTAH upgrade.
if (gs.getUser().hasRoles())
    answer = true;
else
    answer = false;
 
User who were having only one role, basic role snc_internal, were able to see the list of groups.
But, after utah, gs.getUser().hasRoles() started returning false for user with single role snc_internal.
 
We raised high case with ServicesNow. They told us this function is not considering the snc_internal role and returning false. To fix this, the proposed below script. 
if (gs.getUser().hasRole('snc_internal'))
    answer = true;
else
    answer = false;
 
as snc_internal role will be there with every user, this fixed our issue!
 
My Question: Will this script change have any adverse effect on any area.
 
Please help us with your comments. 
Thanks 🙂  
0 Helpfuls
  • 322 Views
2 REPLIES 2

Danish Bhairag2
Tera Sage
Tera Sage

‎10-17-2023 08:33 AM

Hi @nirwan_ritik ,

 

I don't think that change should have any affect on the environment as it is just validating for a role.

 

Thanks,

Danish

0 Helpfuls

Suyog Aptikar
Giga Guru

‎10-17-2023 08:35 AM - edited ‎10-17-2023 08:36 AM

I think for this you can remove script and have snc_internal role in role section of ACL(if you don't select anything in role by default snc_internal is added), because both are one and same, I feel no need to have script in this case all normal user profile have snc_internal so you should be good but have a check once on if all functional profile have snc_internal role.

 

If my answer has helped with your question, please mark my answer as accepted solution and give a thumb up.



Best regards

Suyog
0 Helpfuls