Restrict Access to records based on role and/or conditions

Community Alums · ‎03-13-2024

I want to restrict access to records and want the user to only see the records of a particular catalog item if they have a specific role or where he is a 'requested_for' (reference field - sys_user) or opened by (reference field - sys_user) user.

I already have a before query business rule on sc_req_item table to allow access for the users with role 'u_pcategory_user' and now I want to add few more checks and allow visibility for requested_for and opened_by users.

I appreciate any help on this.

condition: !gs.hasRole('u_pcategory_user')

script:

(function executeRule(current, previous /*null when async*/ ) {

current.addQuery('cat_item!=a5ac23wd456d9843964b36f0f149ad1a');

})(current, previous);

Community Alums · ‎03-14-2024

@Harish KM - I want the 3 things on the BR

1. Users with the role u_pcategory_user should have access to the records of cat_item!=a5ac23wd456d9843964b36f0f149ad1a on sc_req_item table

2. Requested for field users on sc_req_item table should access the records if they are the user in the field

3. 2. Opened by field users on sc_req_item table should access the records if they are the user in the field

My original script and your script are working only for my 1st condition, I'm not getting the logic right for 2 & 3

Harish KM · ‎03-14-2024

Hi @Community Alums try the below code, you have to remove ! while checking the role

// removed ! from here since Users with the role u_pcategory_user should have access to the records of cat_item

if(gs.hasRole('u_pcategory_user')

{

current.addQuery('cat_item', 'a5ac23wd456d9843964b36f0f149ad1a'); // changed this due to users with role u_pcategory_user can access this catalog records

}

else

{

gs.info("non role users");
var qc=current.addQuery(current.requested_for, gs.getUserID());
qc.addOrCondition(current.opened_by, gs.getUserID());

}

Regards
Harish