The CreatorCon Call for Content is officially open! Get started here.

Restrict HR agents to work on those HR cases assigned to the group which they are part of

Go to solution
swaghosh
Tera Expert

‎06-19-2024 08:09 AM

Suppose I have a group "XYZ" and the group has 3 members: A, B and C are the members. Now A and B are only part of XYZ group whereas member C is part of 2 other groups: "ABC" and "EFG". All the groups have sn_hr_core_basic role in order to work on HR cases and HR tasks.
Now requirement is : members A and B can only see those HR cases and HR tasks assigned to their group "XYZ" and they should not see any other HR cases and HR tasks. Whereas member C who part of 3 group altogether doesnt have any restriction on accessing the HR records. User "C" can access any HR case and HR task assigned to any group.

0 Helpfuls
  • 611 Views
2 ACCEPTED SOLUTIONS

Go to solution
Sandeep Rajput
Tera Patron
Tera Patron

‎06-19-2024 09:14 AM

@swaghosh You need to create following business rules on HR Case and HR Task as follows.

 

1. HR Case

Screenshot 2024-06-19 at 9.39.53 PM.png

Screenshot 2024-06-19 at 9.40.31 PM.png

 

Condition:

!gs.hasRole('admin')&&gs.isInteractive()

Script:

(function executeRule(current, previous /*null when async*/) {

	// Add your code here
	current.addEncodedQuery('assignment_groupDYNAMICd6435e965f510100a9ad2572f2b47744');

})(current, previous);

 

HR Task:

Screenshot 2024-06-19 at 9.36.02 PM.pngScreenshot 2024-06-19 at 9.36.08 PM.png

Condition:

 

!gs.hasRole('admin')&&gs.isInteractive()

 

Script:

 

(function executeRule(current, previous /*null when async*/) {

	// Add your code here
	current.addEncodedQuery('assignment_groupDYNAMICd6435e965f510100a9ad2572f2b47744');

})(current, previous);

 

 

View solution in original post

Go to solution
Tushnik Chakrab
Giga Guru

‎06-19-2024 10:01 AM

Hey @swaghosh ,

 

Greetings for the day !!

 

The one you had mentioned is achievable through query BR .

For the user who could access any records - we could have a Super user group created and those specific users could be added to that group - and we can restrict the BR from functioning for them .

 

We would need to go to the sys_user_grmember table to achieve this since its scoped application 

(function executeRule(current, previous /*null when async*/) {
	var isSuperUser=fnIsSuperUser();
	
	//run the query only if currently logged in user is not a member of the superuser group
	if(!isSuperUser){
		current.addEncodedQuery('assignment_groupDYNAMICd6435e965f510100a9ad2572f2b47744');
	}
	

})(current, previous);

function fnIsSuperUser(){

	var isSuperUserFlag=false;
	var grGrpMem=new GlideRecord('sys_user_grmember');
	grGrpMem.addQuery('group.name',"SuperUser Group");
	grGrpMem.addQuery('user',gs.getUserID());
	grGrpMem.query();
	if(grGrpMem.next()){
		isSuperUserFlag=true;
	}
	return isSuperUserFlag;

}

View solution in original post

4 REPLIES 4

Go to solution
Sandeep Rajput
Tera Patron
Tera Patron

‎06-19-2024 09:14 AM

@swaghosh You need to create following business rules on HR Case and HR Task as follows.

 

1. HR Case

Screenshot 2024-06-19 at 9.39.53 PM.png

Screenshot 2024-06-19 at 9.40.31 PM.png

 

Condition:

!gs.hasRole('admin')&&gs.isInteractive()

Script:

(function executeRule(current, previous /*null when async*/) {

	// Add your code here
	current.addEncodedQuery('assignment_groupDYNAMICd6435e965f510100a9ad2572f2b47744');

})(current, previous);

 

HR Task:

Screenshot 2024-06-19 at 9.36.02 PM.pngScreenshot 2024-06-19 at 9.36.08 PM.png

Condition:

 

!gs.hasRole('admin')&&gs.isInteractive()

 

Script:

 

(function executeRule(current, previous /*null when async*/) {

	// Add your code here
	current.addEncodedQuery('assignment_groupDYNAMICd6435e965f510100a9ad2572f2b47744');

})(current, previous);

 

 

Go to solution
swaghosh
Tera Expert
In response to Sandeep Rajput

‎06-19-2024 10:41 AM - edited ‎06-19-2024 10:43 AM

Thanks a lot for your response.

0 Helpfuls

Go to solution
Sandeep Rajput
Tera Patron
Tera Patron
In response to swaghosh

‎06-19-2024 10:43 AM

@swaghosh Thannks a lot for marking the answer helpful and accepted solution.

0 Helpfuls

Go to solution
Tushnik Chakrab
Giga Guru

‎06-19-2024 10:01 AM

Hey @swaghosh ,

 

Greetings for the day !!

 

The one you had mentioned is achievable through query BR .

For the user who could access any records - we could have a Super user group created and those specific users could be added to that group - and we can restrict the BR from functioning for them .

 

We would need to go to the sys_user_grmember table to achieve this since its scoped application 

(function executeRule(current, previous /*null when async*/) {
	var isSuperUser=fnIsSuperUser();
	
	//run the query only if currently logged in user is not a member of the superuser group
	if(!isSuperUser){
		current.addEncodedQuery('assignment_groupDYNAMICd6435e965f510100a9ad2572f2b47744');
	}
	

})(current, previous);

function fnIsSuperUser(){

	var isSuperUserFlag=false;
	var grGrpMem=new GlideRecord('sys_user_grmember');
	grGrpMem.addQuery('group.name',"SuperUser Group");
	grGrpMem.addQuery('user',gs.getUserID());
	grGrpMem.query();
	if(grGrpMem.next()){
		isSuperUserFlag=true;
	}
	return isSuperUserFlag;

}