Restricting record visibility in tables based on user's group or role?

jaredholm
Kilo Contributor

I would like to restrict the visibility of certain request records for users that are not in the "ITSS Security" or "ITSS Email" groups (or admins). For Service Catalog requests "Request to Pull Email", only users who are in one of those two groups or an admin should be able to see those records in the table (sc_req_item) list view.

I currently have a beforeQuery business rule with the filter condition 'Item is Request to Pull Email'. I have a condition in the advanced part of the script that states:
"gs.getUser().isMemberOf('ITSS-MRS Information Security') || gs.getUser().isMemberOf('ITSS-ECS Enterprise E-Mail') || gs.hasRole("admin")"

What is the necessary line of script that turns off record visibility for everyone besides these users?

Thanks in advance.


Patrick Fedigan
Giga Guru

Hello Jared,

After your condition, you'll have to add the query to the business rule like so (example):

current.addQuery('active', true);

You may want to just use ACLs with your condition instead.

Cheers,

I cannot create ACLs based on my user access, so I would prefer to solve this using a business rule. Is that the only line? I tried adding it and it did not work. Are we sure business rules can restrict individual records from a table?

That was only an example.

You should remove the filter condition 'Item is Request to Pull Email'

Your condition should be

gs.getUser().isMemberOf('ITSS-MRS Information Security')!=true && gs.getUser().isMemberOf('ITSS-ECS Enterprise E-Mail')!=true && gs.hasRole("admin")!=true

 

And script should be

 

current.addQuery('cat_item.name','!=','Request to Pull Email');

Please mark this response as correct or helpful if it assisted you with your question.
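
The condition and script from the last reply, combined into a single before-query rule, as an added example that is not part of the original thread. `mockGs`, `MockQuery`, `visibleTo` and the sample rows are constructed stand-ins for ServiceNow's `gs` and `current` so the logic can be run under Node; the group and item names are the ones quoted in the thread.

```javascript
// Added example (not from the thread). In ServiceNow only the body of
// restrictPullEmail goes in the rule; `current` and `gs` come from the platform.
var EXEMPT_GROUPS = ['ITSS-MRS Information Security', 'ITSS-ECS Enterprise E-Mail'];
var RESTRICTED_ITEM = 'Request to Pull Email';

function restrictPullEmail(current, gs) {
  var user = gs.getUser();
  var exempt = gs.hasRole('admin') || EXEMPT_GROUPS.some(function (g) {
    return user.isMemberOf(g);
  });
  // Non-exempt users get an extra condition on every sc_req_item query,
  // so rows for the restricted item are never returned to them.
  if (!exempt) {
    current.addQuery('cat_item.name', '!=', RESTRICTED_ITEM);
  }
}

// Constructed stand-in for GlideSystem (hypothetical helper).
function mockGs(groups, roles) {
  return {
    getUser: function () {
      return { isMemberOf: function (g) { return groups.indexOf(g) !== -1; } };
    },
    hasRole: function (r) { return roles.indexOf(r) !== -1; }
  };
}

// Constructed stand-in for the GlideRecord query object (hypothetical helper).
function MockQuery(rows) { this.rows = rows; this.conds = []; }
MockQuery.prototype.addQuery = function (field, op, value) {
  this.conds.push({ field: field, op: op, value: value });
};
MockQuery.prototype.run = function () {
  var conds = this.conds;
  return this.rows.filter(function (row) {
    return conds.every(function (c) { return row[c.field] !== c.value; });
  });
};

// Constructed sample rows, not real records.
var SAMPLE_ROWS = [
  { number: 'RITM0010001', 'cat_item.name': 'Request to Pull Email' },
  { number: 'RITM0010002', 'cat_item.name': 'New Laptop' }
];

// Returns the record numbers a user with these groups and roles would see.
function visibleTo(groups, roles) {
  var q = new MockQuery(SAMPLE_ROWS);
  restrictPullEmail(q, mockGs(groups, roles));
  return q.run().map(function (r) { return r.number; });
}
```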