Restricting view of Incidents (ACL)

jayson5
ServiceNow Employee

Hello Community,

The Incident form has a lot of ACLs. However, I need to lock down all HR Incidents to users with an HR role... I've put the following in for a Read ACL; however, it locks everyone out of the Incidents.

If the "Functional Area" = Human Resources, I want to restrict those Incidents to only users with that role.

ACL Script:

current.u_functional_area = 'HUMAN RESOURCES';

Requires Role:

HR

33 REPLIES

jayson5
ServiceNow Employee

What if I want to lock down all the fields on incident for HR?


Hi,

I have a similar requirement to restrict HR incidents to HR teams only. I put the below kind of logic in the Table (Incident) and Incident * ACLs. Also, I put a condition in the OOB Incident table and Incident * ACLs to exclude incidents with the HR business service.

[Screenshot: image not available]


Thanks! What does the top of your ACL in that screenshot look like?

Thank you!

Jason


That's the top. I also used the same at the table level as well.

[Screenshot: image not available]


Hi Jason,

If you have multiple ACLs of the same type, then even a single ACL that returns true is sufficient to grant a user access to the record.

Keeping this fact in mind, you will have to either modify all ACLs accordingly to block the access

OR

you can have a Before Query business rule which will grant access to HR-related incidents to HR people only and block access for others.

The Query business rule should be like:



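// Before Query business rule: users without the HR role get HR incidents filtered out
if (!gs.hasRole('hrRelatedRole')) {
    // Exclude incidents whose Functional Area is Human Resources
    current.addQuery('u_functional_area', '!=', 'HUMAN RESOURCES');
}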
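
The point made in the last reply, that one passing ACL of the same type is enough to grant access, can be seen in a small model. This is an added example, not code from any post in the thread and not ServiceNow platform code: the evaluator is a simplified stand-in for ACL evaluation, and the `itil` role, the incident numbers and the rule objects are constructed for illustration.

```javascript
// Simplified model (assumption): one rule passes only if its role, condition
// and script all pass; read access is granted if ANY rule of that type passes.
function rulePasses(rule, user, record) {
  const roleOk = rule.roles.length === 0 ||
    rule.roles.some(role => user.roles.includes(role));
  return roleOk && rule.condition(record) && rule.script(user, record);
}

function canRead(rules, user, record) {
  return rules.some(rule => rulePasses(rule, user, record));
}

// Constructed sample data.
const HR_AREA = 'HUMAN RESOURCES';
const incidents = [
  { number: 'INC0001', u_functional_area: 'IT' },
  { number: 'INC0002', u_functional_area: HR_AREA },
];
const itilUser = { roles: ['itil'] };       // 'itil' role is an assumption
const hrUser = { roles: ['itil', 'HR'] };   // 'HR' is the role named in the question

const always = () => true;
// Stand-in for an existing permissive read ACL on incident.
const oobRead = { roles: ['itil'], condition: always, script: always };
// New HR-only read ACL, with the comparison written as a condition.
const hrRead = {
  roles: ['HR'],
  condition: rec => rec.u_functional_area === HR_AREA,
  script: always,
};
// The existing ACL modified to exclude HR records.
const oobReadExcludingHr = {
  ...oobRead,
  condition: rec => rec.u_functional_area !== HR_AREA,
};

function visibleNumbers(rules, user) {
  return incidents.filter(rec => canRead(rules, user, rec)).map(rec => rec.number);
}

// Model of the before-query rule: rows are filtered before ACLs are consulted.
function queryRuleNumbers(user) {
  const rows = user.roles.includes('HR')
    ? incidents
    : incidents.filter(rec => rec.u_functional_area !== HR_AREA);
  return rows.map(rec => rec.number);
}
```

In this model, adding `hrRead` next to the untouched `oobRead` changes nothing for a non-HR user; the HR incident disappears only once every permissive rule excludes it or the query itself filters it.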