Restricting view of Incidents (ACL)
‎06-09-2016 08:12 AM
Hello Community,
The Incident form has a lot of ACLs. However, I need to lock down all HR Incidents to users with an HR role... I've put the following in for a Read ACL; however, it locks everyone out of the Incidents.
If the "Functional Area" = Human Resources, I want to restrict those Incidents to only users with that role.
ACL Script:
current.u_functional_area = 'HUMAN RESOURCES';
Requires Role:
HR
Labels: Scripting and Coding
‎06-10-2016 09:17 AM
Thanks Deepak !!
‎11-23-2016 12:00 PM
Deepak,
The associates in my instance all have the ITIL role. So, I'm hoping to say: if a user has the ITIL role but is not in assignment group "INSERT NAME", then restrict viewing incidents, so that only associates that are a part of the specified assignment group can see them.
Is this achievable? It looks like I need to create a business rule and the same type of ACL. Do I need both in order for this to work?
I'm not sure what u_functional_area is as I'm new to the platform.
‎11-26-2016 08:45 AM
Hi Ben,
Yes, this is possible. How feasible it is, we need to check with respect to the overall process we need to implement.
Possible Answer:
1) You will need to modify the READ ACL around the ITIL role on the incident table (incident -- None).
You can write the script in the script section, which says:
answer = gs.getUser().isMemberOf(current.assignment_group); // this will grant READ access to people who have the ITIL role and are part of the current incident's assignment group
Now, restricting the incidents via ACL will throw a message like 'No of records restricted via security'.
To overcome this, we can configure a query BR on the incident table, which should do at least the following:
1) Grant callers, watch-list and work-note list users visibility to incidents
2) Restrict ITIL users to only incidents in their own group
3) Allow admin to see everything
4) Check other conditions as well where incident access might be required
If a query business rule is too much, we can go with the ACL and then create a filtered module ("Incidents assigned to my group") which would appear in navigation just like (Open, Closed, All). For reference, you can look at how the "My work Group" module is configured.
Feasibility Answer:
1) Many times incidents get assigned from one team to another. Imagine that an agent in one group re-assigns to another group, then realises that he forgot to attach something to the incident OR forgot to add some work notes. In this case
2) There are incident managers who might require access to each and every incident.
So it's always better to take a wise decision based on these factors.
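A plain-JavaScript model of the four visibility rules listed in the reply above, added here as an illustration; it is not part of the original post and is not ServiceNow script. The function names, user records and incident records are constructed for the example, and the last lines show the reassignment case from the feasibility notes.

```javascript
// Plain-JavaScript model of the read rules (constructed data; not ServiceNow API code).
// Field names mirror incident columns: caller_id, watch_list, work_notes_list, assignment_group.
function canReadIncident(user, incident) {
  // 3) Admins see everything.
  if (user.roles.includes('admin')) return true;
  // 1) Callers, watch-list and work-notes-list users keep visibility.
  if (incident.caller_id === user.id) return true;
  if (incident.watch_list.includes(user.id)) return true;
  if (incident.work_notes_list.includes(user.id)) return true;
  // 2) ITIL users are limited to incidents assigned to one of their groups.
  if (user.roles.includes('itil')) {
    return user.groups.includes(incident.assignment_group);
  }
  // Anything not explicitly allowed is denied.
  return false;
}

// What a query rule achieves: unreadable rows are filtered out of the list up front.
function visibleIncidents(user, incidents) {
  return incidents.filter((inc) => canReadIncident(user, inc)).map((inc) => inc.number);
}

// Reassignment, as in the feasibility notes: returns a copy assigned to another group.
function reassign(incident, newGroup) {
  return { ...incident, assignment_group: newGroup };
}

// Constructed users (hypothetical ids and group names).
const agentA = { id: 'u-agent-a', roles: ['itil'], groups: ['grp-network'] };
const agentB = { id: 'u-agent-b', roles: ['itil'], groups: ['grp-database'] };
const adminUser = { id: 'u-admin', roles: ['admin'], groups: [] };
const endUser = { id: 'u-caller', roles: [], groups: [] };

// Constructed incidents.
const incidents = [
  { number: 'INC001', caller_id: 'u-caller', watch_list: [], work_notes_list: [], assignment_group: 'grp-network' },
  { number: 'INC002', caller_id: 'u-other', watch_list: ['u-agent-a'], work_notes_list: [], assignment_group: 'grp-database' },
  { number: 'INC003', caller_id: 'u-other', watch_list: [], work_notes_list: [], assignment_group: 'grp-database' },
];

for (const u of [agentA, agentB, adminUser, endUser]) {
  console.log(u.id, visibleIncidents(u, incidents));
}
// After agentA hands INC001 to the database group, agentA can no longer read it.
console.log('after reassign:', canReadIncident(agentA, reassign(incidents[0], 'grp-database')));
```

Adding the agent to the watch list or work-notes list before reassigning keeps the record visible to them under rule 1.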

‎06-09-2016 11:21 PM
Hi Jason,
You will require two ACLs:
1) To provide access for HR users to read that incident's fields
and
2) To lock other roles from editing that incident.