ACL Issue

Vurukonda Sai 1
Tera Contributor

Hi Team,

I have create group HR_CN added two user in the group. 
When loged in user from group user. They can't do any changes in HR case. 
HR case record Read mode only (Like Read access for all  hr case). But user have hr_analyst role. 

How can we restic the HR case records? could you pls help me on this issue.

code 1 : 

// // // Allow users in the HR_Marelli_CN group to read HR Cases
// // (function() {
// //     var user = gs.getUser();
// //     if (user.isMemberOf('HR_Marelli_CN')) {
// //         answer = true;
// //     } else {
// //         answer = false;
// //     }
// // })();

code 2: 
// var gr = new GlideRecord("sys_user_grmember");
// gr.addQuery("user", current.u_caller_id);
// gr.addQuery("group", "fd665c24c36e62507ee9da4bb001310e"); //HR_Marelli_CN
// gr.query();
// if (gs.getUser().isMemberOf("HR_Marelli_CN") || gr.next()) //HR_Marelli_CN users should see tickets raised by their team members
//     answer = true;

code 3:
//  (function() {
//     var userGR = gs.getUser(); // Get current user
//     return userGR.isMemberOf('HR_Marelli_CN'); // Only allow read if user in group
// })();
2 REPLIES 2

Pooja Limbani
Giga Guru

Did you try using COE Security Configuration Instead of ACL
can you try once :

  1. Navigate to: HR Administration → COE Security Configuration

  2. Click New to create a policy.

  3. Fill out the form:

    • COE: Select the HR Case COE (e.g., HR Core Case)

    • Type: Set to Write

    • Applies to all services: Check if needed

    • Group: Add HR_CN

    • Condition: Optional — you can restrict further by case type or other fields

  4. Save and activate the policy.

This will allow only users in HR_CN to edit cases in that COE. Others (even with hr_analyst) will have read-only access unless explicitly granted.
Help future readers out—mark the answer and close the thread if it helped you! 😊


If this response resolved your issue, kindly mark it as Helpful or Accept Solution—it helps others find the answer faster.

DevenderSiM
Tera Contributor

Hello Sai, 

 

Is your query on accessing the HR cases by the group users and edit the cases? 

 

If the query is for access then you need to provide correct role to the group :

 

sn_hr_core_case_writer : Grants access to write all HR cases

sn_hr_core_case_reader: Grants access to read all HR cases