ACL Not Working

mdshahvez11 · ‎08-28-2025

Hello Everyone,

Earlier, we had created a few ACLs in both Dev and Prod environments to ensure that users can only view the tickets of the groups they are a part of.

However, while testing the scenario, we noticed that users are able to see tickets from all groups, even if they are not members of those groups.

I’m attaching the screenshots of the ACLs for reference , where filter condition is : Assignment group - is one my group

RaghavSh · ‎08-28-2025

I believe for this you will have to write the script by clicking advanced:

answer = false;
if(gs.getUser().isMemberOf(current.assignment_group))
answer = true;

Applies to just filter the list of records but do not restrict.

Raghav
MVP 2023
LinkedIn

Satyam123 · ‎08-28-2025

tried this but it did not worked

RaghavSh · ‎08-29-2025

Then you probably have some conflicting table level ACL, which is providing access.

If there are 2 "Allow if" ACLs on a table then if user fulfil the conditions of 1 ACL, the access is provided.

Make sure the use does not have admin role because this ACLs are admin override checked.

Alternatively user Debug security rules and check which ACL is providing the access.

Raghav
MVP 2023
LinkedIn

Rafael Batistot · ‎08-28-2025

Hi @mdshahvez11

May you try via Business Rule Before Query

How to restrict a specific group incidents to only its group members - Support and Troubleshooting

If you found this response helpful, please mark it as Helpful. If it fully answered your question, consider marking it as Correct. Doing so helps other users find accurate and useful information more easily.