Restrict access of tickets per group

Pat Surtan · ‎06-26-2022

Hello Everyone,

I have a custom table where 3 different teams can access. Team 1 can see all tickets. Team 2 can only see tickets assigned to their category and team 3 can only see tickets assigned to their category as well. How can I achieve this? Please provide detailed steps and thank you in advance.

Kieran Anson · ‎06-26-2022

Hi Pat,

you can achieve this with either read ACLs or before query rules. It depends on the level of security you provide.

Read ACLs provide database security, but not the best user experience if you don't set these different user groups up with filtered views. They could potentially see the "Number of rows removed from this list by Security constraints" warning at the bottom of the list which isn't too pretty.

Before Queries don't have this issue, and filter the content based on the query running on the database. This can also lead to performance benefits.

Pat Surtan · ‎06-27-2022

Hi Kieran,

I tried using ACL's. I created 2 read acl's with table.none and it seems to be conflicting. The acl that provides more access takes precedence. Because I have 3 teams (so far) that need separate visibility within my ticket, I think my only option is to use a before business query rule. What are your thoughts on that? Do you have a sample script you can provide to assist?

Kieran Anson · ‎06-27-2022

Hi Pat,

For an ACL, you would need different roles:

admin - can see all tickets
category - can see only category tickets
category2 - can see only category tickets to them

ACLs go on most privilege, so currently your ACLs are giving them full access.

Pat Surtan · ‎06-28-2022

Hi Kieran,

I don't think the acl route works best for us so I am exploring query business rule right now. Another poster provided sample code below. After pondering it over, I am not sure if the logic can be easily maintained. I replied to the other poster with followup question in this thread if you care to take a look and provide your feedback.

Thanks again.