Restrict Access to Group member using ACL
‎07-06-2025 09:35 AM
I have a requirement to restrict access for a user if the user is a member of a particular group.
When the user is a member of a particular group, the user should see cases which are assigned to two groups. For that I wrote the script below, but it is not working as expected.
I am using a Deny Unless Read ACL for the "sn_hr_core_case" table.
    if (gs.getUser().isMemberOf('Talent Acquisition Coordination Representative India') && !gs.getUser().isMemberOf('Talent Acquisition Coordination Representative Manila')) {
        if (current.assignment_group == talentAcqspecialistIndia || current.assignment_group == talentAcqIndia) {
            answer = true;
        } else {
            answer = false;
        }
    } else {
        answer = true;
    }
The issue here, logged in user is able to see case assigned to the first group in if loop (
‎07-06-2025 09:55 AM - edited ‎07-06-2025 10:14 AM
Hi @MelwinA ,
Your script likely failed because talentAcqspecialistIndia and talentAcqIndia were not defined as sys_id strings or properly initialized.
You can try this approach if you're OK with putting the sys_id of the group:

    // Look up the two groups whose cases the restricted user may read
    var talentAcqspecialistIndia = new GlideRecord('sys_user_group');
    talentAcqspecialistIndia.get('sys_id_of_group_1');
    var talentAcqIndia = new GlideRecord('sys_user_group');
    talentAcqIndia.get('sys_id_of_group_2');

    // Restrict only users who are in the India group and not in the Manila group
    if (gs.getUser().isMemberOf('Talent Acquisition Coordination Representative India') &&
        !gs.getUser().isMemberOf('Talent Acquisition Coordination Representative Manila')) {
        if (current.assignment_group == talentAcqspecialistIndia.sys_id || current.assignment_group == talentAcqIndia.sys_id) {
            answer = true;
        } else {
            answer = false;
        }
    } else {
        answer = true;
    }
Chandan
‎07-06-2025 09:57 AM
Hi @MelwinA ,
Check if there is any query BR or any other ACL blocking the access.
Try the Access Analyzer: take a sample case that's assigned to the group with which it's not working (talentAcqIndia).
Refer to this video on how to use it:
https://www.youtube.com/watch?v=1x62ZwWb8Ao
I don't see value assignments for the variables talentAcqspecialistIndia and talentAcqIndia (do you have values set in the script?)
Please mark my answer as helpful/correct if it resolves your query.
Regards,
Chaitanya
‎07-06-2025 10:37 AM
Hi @Chaitanya ILCR
I have checked with Access Analyzer. The user does not have access to the second group in the if loop. And there is no query business rule for this group.
‎07-06-2025 10:14 AM
@SD_Chandan I have stored the sys ID in the property. There is no issue with the sys ID. It seems the issue is with the if loop after the OR condition. The first condition in the if loop is working fine. After the OR condition it is not working. I have tried interchanging the sys IDs in the if loop. Again the first condition is working fine.
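
An added example, not part of any post in this thread: the read check discussed above written as a testable function, with both group sys_ids read from properties, trimmed, and compared as plain strings so the second side of the OR is evaluated exactly like the first. The property names, the sample sys_ids and the `mockGs`/`mockCase` stand-ins are assumptions made so the block runs in Node; the group names are the ones used in the thread.

```javascript
// Group names from the thread; property names are hypothetical placeholders.
var INDIA = 'Talent Acquisition Coordination Representative India';
var MANILA = 'Talent Acquisition Coordination Representative Manila';
var ALLOWED_GROUP_PROPS = [
  'x_example.hr.talent_acq_specialist_india', // hypothetical property name
  'x_example.hr.talent_acq_india'             // hypothetical property name
];

// Returns the value an ACL script would assign to `answer`.
function evaluateReadAcl(gs, current) {
  var user = gs.getUser();
  // Only users in the India group and not in the Manila group are restricted.
  if (!user.isMemberOf(INDIA) || user.isMemberOf(MANILA)) {
    return true;
  }
  var allowed = [];
  for (var i = 0; i < ALLOWED_GROUP_PROPS.length; i++) {
    // Property values are strings; trim stray whitespace before comparing.
    var id = String(gs.getProperty(ALLOWED_GROUP_PROPS[i]) || '').trim();
    if (!id) {
      return false; // fail closed: never compare against an unset value
    }
    allowed.push(id);
  }
  // Compare the reference field's string value against each allowed sys_id.
  var assigned = String(current.getValue('assignment_group') || '');
  return allowed.indexOf(assigned) !== -1;
}

// Constructed stand-ins for the platform objects, for offline runs only.
function mockGs(groups, props) {
  return {
    getUser: function () {
      return { isMemberOf: function (g) { return groups.indexOf(g) !== -1; } };
    },
    getProperty: function (name) { return props[name]; }
  };
}
function mockCase(groupSysId) {
  return { getValue: function (f) { return f === 'assignment_group' ? groupSysId : null; } };
}

// Constructed sample data; the second value carries whitespace on purpose.
var PROPS = {
  'x_example.hr.talent_acq_specialist_india': 'aaaa1111',
  'x_example.hr.talent_acq_india': ' bbbb2222 '
};
```

Inside an ACL script the equivalent call would be `answer = evaluateReadAcl(gs, current);`, with the real property names substituted.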