Trying to allow write access for one field for a user with no role (but listed as a reader)

chennessy
Kilo Expert

End users on this instance have no role. They have read access only to forms that include them as a reader.

The script on the Access Control that allows read access for designated readers (with no role) works:

var answer = false;

if (current.u_readers.indexOf(gs.getUserID() > -1 )) {
      answer = true;
}

Next, I need to allow write access for one field (a checkbox for concurrence, called u_customer_concurrence).

When the customer checks the box, the customer's name and date will be populated in additional fields. But I need to allow them to be able to check the box.

I have tried an Access Control of field/write/u_operation.u_customer_concurrence, with the above-mentioned script that works for readers, but no luck.

I have also tried record/write/u_operation.u_customer_concurrence just out of curiosity but that didn't work either.

Any ideas or suggestions are much appreciated!

1 ACCEPTED SOLUTION

OK, I got it to work.

The solution is:

write / record / u_operation.* / role: itil

write / record / u_operation.u_customer_concurrence / No role required

The field name overrides the * in the first ACL.

My error was that I had write / field / u_operation.u_customer_concurrence / No role required

Once I switched to write / record, it worked!

Thanks everyone for your input!


10 REPLIES

Hi Cheryl,

There are two levels of ACLs, Row Level and Field Level ACL.

Row Level ACL: tablename

Field Level ACL: tablename.* or tablename.fieldname

If an end user needs write operation on a certain field:

1) Row level ACL will be evaluated.

2) Field Level ACL evaluates, only if Row Level ACL evaluates to true.

If there are no Row Level ACLs on a table then the Row Level ACL evaluation is set to true; therefore you can simply consider field level ACLs.

Evaluating Row level and Field level ACLs


OK, I think what you are saying is that I have to have

A write ACL on the Table allowing access, and then a read ACL on all the fields that are read only (individual ACLs for every field??)

I saw one solution that said:

1. A write ACL on Table allowing access

2. A * write ACL on all fields not allowing access

3. A write ACL allowing access to the single field.

#2 above is confusing as to whether a separate ACL is needed for each field, or the * takes care of that?

Thanks!


2. A * write ACL on all fields -> as it clearly says, it will be for all the fields; it sets all the fields to editable if it evaluates to true, else sets all the fields read only.

Anyways, you can try the solution Mike gave, check if that works:

var answer = false;

if (current.u_readers.indexOf(gs.getUserID()) > -1 ) {
      answer = true;
}





Michael Ritchie
ServiceNow Employee

You have a parenthesis in the wrong place. This corrects that and maybe solves the issue?

var answer = false;

if (current.u_readers.toString().indexOf(gs.getUserID()) > -1 ) {
      answer = true;
}

Edit: I also added a toString() in advance of the indexOf() function because I have had issues in the past doing an indexOf on a list type field without converting it to a string first.
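
The check as posted in the question next to the corrected one from the reply above, as an added example that is not part of the thread: with the parenthesis misplaced, the condition is true for users who are not listed as readers. It models the u_readers list field as a plain comma-separated string of sys_ids (an assumption; a real ACL script reads a GlideElement), and the function names, sample IDs and the stricter exactCheck variant are constructed here.

```javascript
// Constructed sample values standing in for 32-character sys_ids.
const READER   = "aaaa0000aaaa0000aaaa0000aaaa0001";
const OUTSIDER = "bbbb0000bbbb0000bbbb0000bbbb0002";
const READERS  = READER + ",cccc0000cccc0000cccc0000cccc0003";

// Check as posted in the question: "> -1" sits inside the indexOf() call.
// userId > -1 yields a boolean, so indexOf() searches for the text "true" or
// "false", which a list of hex IDs never contains. It returns -1, and -1 is
// truthy inside if (), so answer becomes true for every user.
function postedCheck(readers, userId) {
  var answer = false;
  if (readers.indexOf(userId > -1)) {
    answer = true;
  }
  return answer;
}

// Check from the reply: toString() first, comparison outside indexOf().
function correctedCheck(readers, userId) {
  var answer = false;
  if (readers.toString().indexOf(userId) > -1) {
    answer = true;
  }
  return answer;
}

// Stricter variant (an addition, not from the thread): exact match against
// each list entry, ignoring empty entries, so a partial ID never matches.
function exactCheck(readers, userId) {
  var ids = readers.toString().split(",").map(function (s) { return s.trim(); }).filter(Boolean);
  return ids.indexOf(userId) > -1;
}

// Evaluate all three checks for a listed reader, an unlisted user and an empty list.
function compare() {
  const cases = [["reader", READERS, READER], ["outsider", READERS, OUTSIDER], ["empty list", "", OUTSIDER]];
  return cases.map(([label, readers, userId]) => ({
    label,
    posted: postedCheck(readers, userId),
    corrected: correctedCheck(readers, userId),
    exact: exactCheck(readers, userId),
  }));
}

console.table(compare());
```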