Restrict HR agents to work on those HR cases assigned to the group which they are part of

Go to solution
swaghosh
Tera Expert

‎06-19-2024 08:09 AM

Suppose I have a group "XYZ" and the group has 3 members: A, B and C are the members. Now A and B are only part of XYZ group whereas member C is part of 2 other groups: "ABC" and "EFG". All the groups have sn_hr_core_basic role in order to work on HR cases and HR tasks.
Now requirement is : members A and B can only see those HR cases and HR tasks assigned to their group "XYZ" and they should not see any other HR cases and HR tasks. Whereas member C who part of 3 group altogether doesnt have any restriction on accessing the HR records. User "C" can access any HR case and HR task assigned to any group.

0 Helpfuls
  • 546 Views
2 ACCEPTED SOLUTIONS

Go to solution
Sandeep Rajput
Tera Patron
Tera Patron

‎06-19-2024 09:14 AM

@swaghosh You need to create following business rules on HR Case and HR Task as follows.

 

1. HR Case

Screenshot 2024-06-19 at 9.39.53 PM.png

Screenshot 2024-06-19 at 9.40.31 PM.png

 

Condition:

!gs.hasRole('admin')&&gs.isInteractive()

Script:

(function executeRule(current, previous /*null when async*/) {

	// Add your code here
	current.addEncodedQuery('assignment_groupDYNAMICd6435e965f510100a9ad2572f2b47744');

})(current, previous);

 

HR Task:

Screenshot 2024-06-19 at 9.36.02 PM.pngScreenshot 2024-06-19 at 9.36.08 PM.png

Condition:

 

!gs.hasRole('admin')&&gs.isInteractive()

 

Script:

 

(function executeRule(current, previous /*null when async*/) {

	// Add your code here
	current.addEncodedQuery('assignment_groupDYNAMICd6435e965f510100a9ad2572f2b47744');

})(current, previous);

 

 

View solution in original post

Go to solution
Tushnik Chakrab
Giga Guru

‎06-19-2024 10:01 AM

Hey @swaghosh ,

 

Greetings for the day !!

 

The one you had mentioned is achievable through query BR .

For the user who could access any records - we could have a Super user group created and those specific users could be added to that group - and we can restrict the BR from functioning for them .

 

We would need to go to the sys_user_grmember table to achieve this since its scoped application 

(function executeRule(current, previous /*null when async*/) {
	var isSuperUser=fnIsSuperUser();
	
	//run the query only if currently logged in user is not a member of the superuser group
	if(!isSuperUser){
		current.addEncodedQuery('assignment_groupDYNAMICd6435e965f510100a9ad2572f2b47744');
	}
	

})(current, previous);

function fnIsSuperUser(){

	var isSuperUserFlag=false;
	var grGrpMem=new GlideRecord('sys_user_grmember');
	grGrpMem.addQuery('group.name',"SuperUser Group");
	grGrpMem.addQuery('user',gs.getUserID());
	grGrpMem.query();
	if(grGrpMem.next()){
		isSuperUserFlag=true;
	}
	return isSuperUserFlag;

}

View solution in original post

4 REPLIES 4

Go to solution
Sandeep Rajput
Tera Patron
Tera Patron

‎06-19-2024 09:14 AM

@swaghosh You need to create following business rules on HR Case and HR Task as follows.

 

1. HR Case

Screenshot 2024-06-19 at 9.39.53 PM.png

Screenshot 2024-06-19 at 9.40.31 PM.png

 

Condition:

!gs.hasRole('admin')&&gs.isInteractive()

Script:

(function executeRule(current, previous /*null when async*/) {

	// Add your code here
	current.addEncodedQuery('assignment_groupDYNAMICd6435e965f510100a9ad2572f2b47744');

})(current, previous);

 

HR Task:

Screenshot 2024-06-19 at 9.36.02 PM.pngScreenshot 2024-06-19 at 9.36.08 PM.png

Condition:

 

!gs.hasRole('admin')&&gs.isInteractive()

 

Script:

 

(function executeRule(current, previous /*null when async*/) {

	// Add your code here
	current.addEncodedQuery('assignment_groupDYNAMICd6435e965f510100a9ad2572f2b47744');

})(current, previous);

 

 

Go to solution
swaghosh
Tera Expert
In response to Sandeep Rajput

‎06-19-2024 10:41 AM - edited ‎06-19-2024 10:43 AM

Thanks a lot for your response.

0 Helpfuls

Go to solution
Sandeep Rajput
Tera Patron
Tera Patron
In response to swaghosh

‎06-19-2024 10:43 AM

@swaghosh Thannks a lot for marking the answer helpful and accepted solution.

0 Helpfuls

Go to solution
Tushnik Chakrab
Giga Guru

‎06-19-2024 10:01 AM

Hey @swaghosh ,

 

Greetings for the day !!

 

The one you had mentioned is achievable through query BR .

For the user who could access any records - we could have a Super user group created and those specific users could be added to that group - and we can restrict the BR from functioning for them .

 

We would need to go to the sys_user_grmember table to achieve this since its scoped application 

(function executeRule(current, previous /*null when async*/) {
	var isSuperUser=fnIsSuperUser();
	
	//run the query only if currently logged in user is not a member of the superuser group
	if(!isSuperUser){
		current.addEncodedQuery('assignment_groupDYNAMICd6435e965f510100a9ad2572f2b47744');
	}
	

})(current, previous);

function fnIsSuperUser(){

	var isSuperUserFlag=false;
	var grGrpMem=new GlideRecord('sys_user_grmember');
	grGrpMem.addQuery('group.name',"SuperUser Group");
	grGrpMem.addQuery('user',gs.getUserID());
	grGrpMem.query();
	if(grGrpMem.next()){
		isSuperUserFlag=true;
	}
	return isSuperUserFlag;

}