Restrict access to REQ/RITM/SCTASK for a specific Item type
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-11-2019 06:09 AM
Hi All,
We have a specific catalog item to notify of leavers. This then has a workflow to go to relevant teams to remove said user from all the required systems. We want all users to have the ability to raise this item, but once it has been created the subsequent REQ/RITM/SCTASK logs that are raised should only be viewable by a certain group. The SCTASKS should only be viewed by members of the assignment group.
I'm not sure how to best achieve this. We would need this to apply to the global search function and list view.
I've amended the search group for task to exclude this item, this works, however if a user found a ticket number and searched for this it would do an exact search match and load the record.
Any suggestions on a better method to achieve this?
Thanks
Sam
- Labels:
-
Best Practices
-
Scripting and Coding
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-11-2019 06:21 AM
All you want is a before query Business rule
Please mark my response as correct and helpful if it helped solved your question.
-Thanks
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-11-2019 06:31 AM
Hi Prateek,
thanks for the above. We've had bad issues previously attempting something like this with a before query business rule. My understanding is that this will run before any query that is run on that table.
Previously we had one setup on incident which lead to all incidents being closed incorrectly when the auto close business rule ran so I am quite wary of trying to implement a before query business rule.
I also thought I had read somewhere that these were an old way of working and had since been replaced?
Thanks
Sam
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-11-2019 06:37 AM
I really didn't understand why did the before query BR closed all your incidents.
It would only fetch those records from the database if the logged in users clears the condition in the BR.
Anyway, you can make use of read ACL's instead.
Please mark my response as correct and helpful if it helped solved your question.
-Thanks
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-11-2019 06:56 AM
Hi Prateek,
I think previously a colleague created an extension to incidents of restricted incidents. He then had a before query business rule which was there to only show all active normal incidents when a normal user viewed the list view, then if the user was from a selected group they would see all active normal incidents and all restricted incidents.
My understanding is the before query business rule runs before any query, so when another business rule ran which should auto close resolved incidents after x number of days, the new before query rule ran and returned all active incidents and the auto close rule then closed all of these.
We have not used before query business rules before or since and are quite cautious due to this last issue.
Is my understanding correct that it will run before every query so can cause unexpected knock on effects depending on what other rules we may have also running?
In regards to the read ACL, we have the current OOB read on sc_req_item where user has role snc_internal. I'm guessing I need to amend the advanced script section on here so if item is the one we want to restrict only return true if member of a certain group. How would I allow that if a sctask is assigned to a group that members of that group can also view the associated RITM and REQ?
Thanks
Sam
