
Script ACL

Pastupe
Mega Guru

Hello

I'm getting lost in scripting ACL

What I need is to create ACL where:

User can see only tickets where user is member of group to which ticket is either assigned or watchlisted

Anyone know how to do it?

With the below script I'm not getting correct results for READ ACL.

See it below, it should give me back 6 records to read and it is giving me back just 3, why?

please help

/Petr


1 ACCEPTED SOLUTION

As noted before, try it with one ACL criteria and two ACLs. Debug the one to determine group membership first. Test it, get it working, etc. If someone comes along later and says "No, we don't need that" it's a simple matter of deactivating it rather than modifying code. Don't pile both bits of logic in one ACL.

ACL 1:

answer = gs.getUser().isMemberOf(current.u_assignment_group.getDisplayValue());

ACL 2:

var result = false;
// u_support_team_involved is a list field: comma-separated group sys_ids
var list = current.u_support_team_involved.toString().split(',');
for (var i = 0; i < list.length; i++) {
    var grp = new GlideRecord('sys_user_group');
    grp.get(list[i]);
    // isMemberOf() is given the group's display name
    if (gs.getUser().isMemberOf(grp.getDisplayValue())) {
        result = true;
        break;
    }
}
answer = result;



23 REPLIES

Thank you, I tested your code and still it gives me back just 3 results instead of 6. I don't really know why...





Can you show us both of the ACLs? It might be the way they are interacting?



Are there any other relevant ACLs that already exist?


Hello,


Just 1 ACL, nothing more





Ulrich, with this ACL code I now see all tickets, but they are hidden under different lists.

Why are they not under list 1, as the list is set to 10 rows and it displays just 6 records?

Is this common behaviour?

List 1 displays 6 tickets
List 2 displays 0 tickets
List 3 displays 1 ticket
List 4 displays 1 ticket
List 5 displays 2 tickets
List 6 displays 1 ticket

All in all 11 in total, which is now correct.




images below



/Petr





Ulrich Jugl
ServiceNow Employee

Repeating on my previous post in this thread:


Are you sure you scrolled through all of the pages in the list view?


>> Apparently now you finally did 🙂



You see that there is a Security constraint message, which comes when you don't have access to the records (from an ACL). I would assume that you will find your 6 records when you click through the different pages.


>> This is expected behaviour



To avoid the Security constraint message, you can create an on Query Business Rule, which runs a query similar to your ACL


>> check documentation here: https://docs.servicenow.com/bundle/jakarta-servicenow-platform/page/script/business-rules/concept/c_...
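
The on Query business rule suggested in the last reply could look like the following. This is an added example, not code from the thread or from ServiceNow: it assumes the field names used in the accepted solution (u_assignment_group as a reference field, u_support_team_involved as a list field) and direct group membership only, and buildGroupQuery and directGroupIds are hypothetical helper names. The ACLs stay in place as the access control; the rule only narrows the query so the list pages are not padded with rows the ACL then hides.

```javascript
// Added example: body of a before-query business rule on the ticket table.
// Written in ES5 style, as Glide server-side scripts commonly are.
var SYS_ID = /^[0-9a-f]{32}$/;

// Build an encoded query matching rows where the assignment group is one of
// groupIds, or the support-team list contains one of them.
function buildGroupQuery(groupIds) {
    var ids = [];
    for (var i = 0; i < groupIds.length; i++) {
        var id = String(groupIds[i]).toLowerCase();
        // Only well-formed sys_ids reach the query string, so a stray value
        // cannot smuggle in '^' operators.
        if (SYS_ID.test(id) && ids.indexOf(id) === -1) ids.push(id);
    }
    // No groups: match nothing instead of leaving the query unrestricted.
    if (ids.length === 0) return 'sys_idISEMPTY';
    var parts = ['u_assignment_groupIN' + ids.join(',')];
    for (var j = 0; j < ids.length; j++) {
        // A list field stores comma-separated sys_ids, hence a contains test.
        parts.push('u_support_team_involvedLIKE' + ids[j]);
    }
    return parts.join('^OR');
}

// Direct memberships of a user, read from sys_user_grmember.
// Assumption: inherited (parent group) membership is not needed.
function directGroupIds(GlideRecordCtor, userId) {
    var ids = [];
    var m = new GlideRecordCtor('sys_user_grmember');
    m.addQuery('user', userId);
    m.query();
    while (m.next()) ids.push(m.getValue('group'));
    return ids;
}

// Runs only inside the platform, where current, gs and GlideRecord exist.
if (typeof current !== 'undefined' && typeof gs !== 'undefined') {
    current.addEncodedQuery(
        buildGroupQuery(directGroupIds(GlideRecord, gs.getUserID())));
}
```
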