The Zurich release has arrived! Interested in new features and functionalities? Click here for more

Script ACL

Go to solution
Pastupe
Mega Guru

‎11-01-2017 07:35 AM

Hello

Im getting lost in scripting ACL

What I need is to create ACL where:

User can see only tickets where user is member of group to which ticket is either assigned or watchlisted

Anyone know how to do it?

With the below script Im not getting correct results for READ ACL.

See it below, it should give me back 6 records to read and it giving me back just 3, why ?

please help

/Petr

find_real_file.png

find_real_file.png

find_real_file.png

Preview file
41 KB
Preview file
39 KB
Preview file
60 KB
0 Helpfuls
  • 29,104 Views
1 ACCEPTED SOLUTION

Go to solution
Chuck Tomasi
Tera Patron
In response to Pastupe

‎11-01-2017 07:59 AM

As noted before, try it with one ACL criteria and two ACLs. Debug the one to determine group membership first. Test it, get it working, etc. If someone comes along later and says "No, we don't need that" it's a simple matter of deactivating it rather than modifying code. Don't pile both bits of logic in one ACL.



ACL 1:


answer = gs.getUser().isMemberOf(current.u_assignment_group.getDisplayValue());



ACL 2:



var result = false;


var list = current.u_support_team_involved.toString().split(',');


for (var i = 0; i < list.length; i++) {


        var grp = new GlideRecord('sys_user_group');


        grp.get(list[i]);


        if (gs.getUser().isMemberOf(grp.getDisplayValue()) {


                  result = true;


                  break;


        }


}



answer = result;


View solution in original post

23 REPLIES 23

Go to solution
Pastupe
Mega Guru
In response to Ulrich Jugl

‎11-01-2017 08:00 AM

As well I have just 1 ACL that we now work with


100a.png


Preview file
20 KB
0 Helpfuls

Go to solution
Chuck Tomasi
Tera Patron
In response to Pastupe

‎11-01-2017 07:59 AM

As noted before, try it with one ACL criteria and two ACLs. Debug the one to determine group membership first. Test it, get it working, etc. If someone comes along later and says "No, we don't need that" it's a simple matter of deactivating it rather than modifying code. Don't pile both bits of logic in one ACL.



ACL 1:


answer = gs.getUser().isMemberOf(current.u_assignment_group.getDisplayValue());



ACL 2:



var result = false;


var list = current.u_support_team_involved.toString().split(',');


for (var i = 0; i < list.length; i++) {


        var grp = new GlideRecord('sys_user_group');


        grp.get(list[i]);


        if (gs.getUser().isMemberOf(grp.getDisplayValue()) {


                  result = true;


                  break;


        }


}



answer = result;


Go to solution
Pastupe
Mega Guru
In response to Chuck Tomasi

‎11-01-2017 08:08 AM

Chuck, If I test with just one, first one you provided, it still gives back not correct results.



2 out of 5 with new ACL 1 below



/Petr


find_real_file.png



find_real_file.pngfind_real_file.png


Preview file
35 KB
Preview file
12 KB
Preview file
37 KB
0 Helpfuls

Go to solution
Ulrich Jugl
ServiceNow Employee
ServiceNow Employee
In response to Pastupe

‎11-01-2017 08:10 AM

Can you check if the "HR Global" group you are referencing is unique? What I mean is: is the sys_id of all the HR Global groups in sys_user_group the same or is this some kind of duplicate?


0 Helpfuls

Go to solution
Pastupe
Mega Guru
In response to Ulrich Jugl

‎11-01-2017 08:29 AM

It looks like to be unique, just one group has been returned



group.png


Preview file
14 KB
0 Helpfuls