Users able to bypass the Unique short description rule due to visibilty

Manik Arora3
Tera Contributor

‎12-04-2023 09:41 AM

We ran into a issue where checking of uniqueness in the Short Description is getting by passed.

Reason is: There is a query Business Rule written on that table to restrict visibility of few records as per State value for particular user role.

When that user having the role tries to create a new record with the already existing Short Description, he does not get the error that 'Short description already exists as per the Query BR, he is not able to see the record with the same Short Description already existing.

 

How can we resolve this? Is there a way we can run that Short Description for that user by logging in as Admin? What would be the impact?

 

Thank you in advanve

0 Helpfuls
  • 373 Views
4 REPLIES 4

Brad Bowman
Kilo Patron
Kilo Patron

‎12-04-2023 10:52 AM

Instead of the Query BR, try restricting the records with a read ACL on whatever table you're referring to with the State and role conditions.  Do you have uniqueness for Short Description enforced at the dictionary level, or with an  onSubmit Client Script or before Update Business Rule that checks all of the existing values?  

0 Helpfuls

Manik Arora3
Tera Contributor
In response to Brad Bowman

‎12-04-2023 11:16 AM

HI @Brad Bowman  It is an OnChange client script to check for uniqueness in the Short Description

 

0 Helpfuls

Amit Gujarathi
Giga Sage
Giga Sage

‎12-04-2023 06:56 PM

HI @Manik Arora3 ,
I trust you are doing great.

 

Here's a sample code for a Business Rule that could be used for server-side uniqueness validation:

 

(function executeRule(current, previous /*null when async*/) {

    var gr = new GlideRecord('your_table_name'); // Replace with your table name
    gr.addQuery('short_description', current.short_description);
    gr.query();

    if (gr.next() && gr.sys_id != current.sys_id) {
        gs.addErrorMessage('A record with this Short Description already exists.');
        current.setAbortAction(true);
    }

})(current, previous);
 

Was this answer helpful?


Please consider marking it correct or helpful.


Your feedback helps us improve!


Thank you!


Regards,


Amit Gujrathi



0 Helpfuls

Tai Vu
Kilo Patron
Kilo Patron

‎12-04-2023 07:14 PM - edited ‎12-04-2023 07:20 PM

Hi @Manik Arora3 

If your business rule is crated in order to restrict the visibility for end-users interacting with a user interface, let's try to add the following validation into the Query.

 

gs.getSession().isInteractive()

 

 

Ref: isInteractive()

 

Cheers,

Tai Vu

0 Helpfuls