- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎03-08-2019 05:04 AM
Good afternoon,
This is probably pretty basic but I just wanted to check. I need to add two fields to the sys_user table which only show when company is X. UI Policy, all good.
Now I want to set it up such that if the company is X, only users with role Y will see these two fields displayed when they look at a user record.
I tried adding a script condition gs.hasRole("role Y") to the said UI policy, but no joy. Any user with access to the user table can still see these fields.
We have a minefield of ACLs associated with sys_user, such that if I create read and write ACLs for role Y against the two fields, again any user can read and write, but before I tackle this aspect of the build, I just wanted to check if I am right in trying to achieve the display aspect through a UI policy?
Thanks
Solved! Go to Solution.
- Labels:
-
Scripting and Coding
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎03-15-2019 05:51 AM
No once you give role z access to write to these two field only they that should have access and it should prevent everybody else from writing to these fields. You may need to give role z write access to the entire table as well. before you can limit there write access to 1 or 2 fields they must first have access to write to all fields. So if they do not have write access with another role to the entire table you must first grant them this access (sorry my assumption). Then the ACL for write access to the two fields should limit them to just these fields.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎03-08-2019 05:19 AM
I don't think a UI Policy will work here. You need to setup an ACL to give that role read access to that field. Then you should not need the UI policy at all.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎03-08-2019 05:22 AM
Thanks Brian, not looking forward to the ACLs though!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎03-08-2019 05:38 AM
Given that is sound like the user already has read access to the entire table I think this would be a fairly easy ACL.
Operation: Read
Name: table and field
Required roles: Y
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎03-08-2019 05:23 AM
You can write a client script onload and call a script include to check if the logged in user has Role y. and based on the output, you can either hide/show fields.
