UX Page Property works for admin but not for itil

Alon Grod · ‎07-22-2023

Hi,

I have this UX Page Property:

{
  "contextual": [
    "record",
    "kb_view"
  ],
  "newTabMenu": [
    {
      "label": {
        "translatable": true,
        "message": "New Incident"
      },
      "routeInfo": {
        "route": "record",
        "fields": {
          "table": "incident",
          "sysId": "-1"
        },
        "multiInstField": "sysId"
      },
      "condition": {
        "tableDescription": {
          "table": "incident",
          "canCreate": true
        }
      }
    },
    {
      "label": {
				"translatable": true,
				"message": "New Request"
			},
			"routeInfo": {
				"route": "record",
				"fields": {
					"table": "sc_cat_item",
					"sysId": "-1"
				},
				"multiInstField": "sysId"
			},
			"condition": {
				"tableDescription": {
					"table": "sc_cat_item",
					"canCreate": true
				}
			}
		}
  ],
  "maxMainTabLimit": 10,
  "maxTotalSubTabLimit": 30
}

When Im admin and I click on the '+' sign (next to the Home Tab) from the Service Operation Workspace, I need to choose between to options (which is fine):

1)New Incident
2) New Request

But when I impersonate to a different user (only with itil role), I dont see the option of 'New Request' and I only have 'New Incident'. What could be the problem?

Sandeep Rajput · ‎07-23-2023

@Alon Grod The answer to your question lies within the following lines.

"condition": {
				"tableDescription": {
					"table": "sc_cat_item",
					"canCreate": true
				}
			}

The conditions mentioned in the condition section are evaluated against the user role, if we closely look at the write ACL defined on the sc_cat_item we find that user's with roles catalog_editor, catalog_manager, catalog_admin have the permissions to create a new record on the sc_cat_item table.

Since the admin role already contains the catalog_admin role hence they are able to see the 'New Request' option. Whereas the ITIL role doesn't contain the catalog_admin role and hence they can't see this option in operations workspace.

In order to prove this assumption, you can simply assign the catalog_admin role to your ITIL user and impersonate using their account, this time you will be able to see the 'New Request' option inside the Service Operations Workspace.

Hope this helps.

View solution in original post

Sandeep Rajput · ‎07-23-2023

@Alon Grod The answer to your question lies within the following lines.

"condition": {
				"tableDescription": {
					"table": "sc_cat_item",
					"canCreate": true
				}
			}

The conditions mentioned in the condition section are evaluated against the user role, if we closely look at the write ACL defined on the sc_cat_item we find that user's with roles catalog_editor, catalog_manager, catalog_admin have the permissions to create a new record on the sc_cat_item table.

Since the admin role already contains the catalog_admin role hence they are able to see the 'New Request' option. Whereas the ITIL role doesn't contain the catalog_admin role and hence they can't see this option in operations workspace.

In order to prove this assumption, you can simply assign the catalog_admin role to your ITIL user and impersonate using their account, this time you will be able to see the 'New Request' option inside the Service Operations Workspace.

Hope this helps.