Restrict Access to records based on role and/or conditions

Community Alums

I want to restrict access to records so that a user only sees the records of a particular catalog item if they have a specific role or if they are the 'requested_for' (reference field - sys_user) or opened by (reference field - sys_user) user.

I already have a before query business rule on the sc_req_item table to allow access for users with the role 'u_pcategory_user', and now I want to add a few more checks and allow visibility for requested_for and opened_by users.

I appreciate any help on this.

condition: !gs.hasRole('u_pcategory_user')

script

(function executeRule(current, previous /*null when async*/ ) {
    current.addQuery('cat_item!=a5ac23wd456d9843964b36f0f149ad1a');
})(current, previous);


 

 

11 REPLIES

Community Alums

Hi @Harish KM - This works exactly the same way as my original script: only users with the u_pcategory_user role are able to access the records of the catalog item. Requested for or opened by users do not have access to any records of the catalog item.

Hi @Community Alums, do the requested for users have read access to read their own records? Can you disable this BR and confirm?

Regards
Harish

Community Alums

@Harish KM - Yes, they do have.

Hi @Community Alums

Did you remove the condition !gs.hasRole('u_pcategory_user') from your BR?

Also, can you check the logs to see whether it goes into the else branch?

if (!gs.hasRole('u_pcategory_user')) {
    current.addQuery('cat_item!=a5ac23wd456d9843964b36f0f149ad1a');
} else {
    gs.info("non role users");
    var qc = current.addQuery('requested_for', gs.getUserID());
    qc.addOrCondition('opened_by', gs.getUserID());
}

Regards
Harish

Community Alums

Hi @Harish KM - Yes, I made the condition blank. Still the same, non role users can't see.

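The visibility rule asked for in the original question, as an added example that is not part of any post in this thread: users without the role get one OR group (not the restricted item, or requested_for is me, or opened_by is me), and users with the role get no extra filter. The helper names, the constructed sample rows and the plain-JavaScript model are assumptions for illustration; the business rule body at the end assumes the rule's condition field is left blank and only runs where `gs` and `current` exist.

```javascript
// cat_item sys_id quoted in the thread
var RESTRICTED_ITEM = 'a5ac23wd456d9843964b36f0f149ad1a';

// Encoded query to add for this user, or null when no restriction applies.
// ^OR keeps all three conditions in one OR group.
function buildRestriction(hasRole, userId) {
    if (hasRole) {
        return null; // role holders see every record
    }
    return 'cat_item!=' + RESTRICTED_ITEM +
        '^ORrequested_for=' + userId +
        '^ORopened_by=' + userId;
}

// Plain-JavaScript model of the same filter, to check the logic offline.
function isVisible(row, hasRole, userId) {
    if (hasRole) return true;
    return row.cat_item !== RESTRICTED_ITEM ||
        row.requested_for === userId ||
        row.opened_by === userId;
}

// Constructed sample rows (not real data)
var SAMPLE_ROWS = [
    { number: 'RITM001', cat_item: 'other_item', requested_for: 'u1', opened_by: 'u1' },
    { number: 'RITM002', cat_item: RESTRICTED_ITEM, requested_for: 'u1', opened_by: 'u2' },
    { number: 'RITM003', cat_item: RESTRICTED_ITEM, requested_for: 'u3', opened_by: 'u3' }
];

// Record numbers a given user would see under the model
function visibleNumbers(hasRole, userId) {
    return SAMPLE_ROWS.filter(function (row) {
        return isVisible(row, hasRole, userId);
    }).map(function (row) { return row.number; });
}

// Before-query business rule body on sc_req_item (skipped outside ServiceNow)
if (typeof gs !== 'undefined' && typeof current !== 'undefined') {
    (function executeRule(current) {
        var q = buildRestriction(gs.hasRole('u_pcategory_user'), gs.getUserID());
        if (q) {
            current.addEncodedQuery(q);
        }
    })(current);
}
```

A user with no role and no link to a restricted request (u4 in the model) sees only RITM001, while u2 sees RITM002 because they opened it.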