‎11-01-2017 07:35 AM
Hello
I'm getting lost in scripting ACL
What I need is to create ACL where:
User can see only tickets where user is member of group to which ticket is either assigned or watchlisted
Anyone know how to do it?
With the below script I'm not getting correct results for READ ACL.
See it below, it should give me back 6 records to read and it is giving me back just 3, why?
Please help
/Petr

‎11-01-2017 07:59 AM
As noted before, try it with one ACL criteria and two ACLs. Debug the one to determine group membership first. Test it, get it working, etc. If someone comes along later and says "No, we don't need that" it's a simple matter of deactivating it rather than modifying code. Don't pile both bits of logic in one ACL.
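ACL 1:
// Grant read when the current user is in the ticket's assignment group.
answer = gs.getUser().isMemberOf(current.u_assignment_group.getDisplayValue());
ACL 2:
// Grant read when the current user is in any group listed on the ticket.
var result = false;
// The list field holds comma-separated sys_ids of groups.
var list = current.u_support_team_involved.toString().split(',');
for (var i = 0; i < list.length; i++) {
    var grp = new GlideRecord('sys_user_group');
    grp.get(list[i]);
    if (gs.getUser().isMemberOf(grp.getDisplayValue())) {
        result = true;
        break;
    }
}
answer = result;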

‎11-01-2017 07:44 AM
If this is an "or" operation, I would make it two ACLs for ease of maintenance and debugging.
To get whether the user is a member of a specific group, have you tried
gs.getUser().isMemberOf('GROUPNAME')
For the watch list, you can split the list into an array and use ArrayUtil method contains() to determine if the current user (gs.getUserID()) sys_id value is in that array.
‎11-01-2017 07:52 AM

‎11-01-2017 07:55 AM
Are you sure you scrolled through all of the pages in the list view? You see that there is a Security constraint message, which comes when you don't have access to the records (from an ACL). I would assume that you will find your 6 records when you click through the different pages.
To avoid the Security constraint message, you can create an on Query Business Rule, which runs a similar query like your ACL.
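The effect described in the reply above, as an added example that is not part of the original post: a simplified model in plain JavaScript of the same read rule applied after pagination (ACL) versus before it (query filter). It uses no ServiceNow APIs; the group ids, ticket rows and function names are constructed for illustration, and only the two field names come from the thread.

```javascript
// Added illustration in plain JavaScript (runs in Node); no ServiceNow APIs are used.
// Field names follow the thread; group ids and ticket rows are constructed sample data.
const userGroups = new Set(['grp_net', 'grp_db']); // groups the current user belongs to

// [assignment group, comma-separated list of involved groups]
const tickets = [
  ['grp_net', ''],                 // readable: assigned group
  ['grp_app', ''],
  ['grp_app', 'grp_sec,grp_db'],   // readable: listed group
  ['grp_sec', ''],
  ['grp_db', 'grp_app'],           // readable: assigned group
  ['grp_app', 'grp_sec'],
  ['grp_sec', 'grp_net'],          // readable: listed group
  ['grp_app', ''],
  ['grp_net', 'grp_db'],           // readable: both conditions
  ['grp_sec', 'grp_app'],
  ['grp_app', 'grp_app,grp_net'],  // readable: listed group
  ['grp_sec', ''],
].map(([assigned, involved], i) => ({
  number: 'TKT' + String(i + 1).padStart(3, '0'),
  u_assignment_group: assigned,
  u_support_team_involved: involved,
}));

// Read rule from the question: member of the assigned group OR of any listed group.
function canRead(ticket, groups) {
  if (groups.has(ticket.u_assignment_group)) return true;
  // ''.split(',') yields [''], so drop empty entries before testing membership.
  const listed = ticket.u_support_team_involved.split(',').filter(Boolean);
  return listed.some((id) => groups.has(id));
}

// ACL style: the page is fetched first, then unreadable rows are removed from it.
function aclPage(rows, page, size, groups) {
  const slice = rows.slice(page * size, (page + 1) * size);
  const visible = slice.filter((t) => canRead(t, groups));
  return { visible, removed: slice.length - visible.length };
}

// Query-filter style: unreadable rows are excluded before the list is paginated.
function queryPage(rows, page, size, groups) {
  const readable = rows.filter((t) => canRead(t, groups));
  return { visible: readable.slice(page * size, (page + 1) * size), removed: 0 };
}

console.log('ACL only, page 1:', aclPage(tickets, 0, 6, userGroups));
console.log('Query filter, page 1:', queryPage(tickets, 0, 6, userGroups).visible.length);
```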
‎11-01-2017 07:58 AM