Creating ACL to make editable only for specific groups

Andre Jones
Tera Expert

 

 

Hello,

 

I want the 'assigned to' and 'assignment group' fields to be editable only for the following groups if the HR case is assigned to them.

Group A 

Group B

 

This is what I have, but it's not working. Example:

AndreJones_0-1701446423078.png

 

Thank You!

1 ACCEPTED SOLUTION

Also that ACL does grant write access to all er writers, so - as stated previously - ALL OTHER ACLs already granting access MUST be disabled.


Elijah Aromola
Mega Sage

Your isMemberOf condition doesn't look current. Update that to:

gs.getUser().isMemberOf("group A") || gs.getUser().isMemberOf("group B")

 

Thank you, it doesn't seem to work.

I basically need this to happen.

"

  1. If the Assignment Group is Group A or Group B, then the Assignment Group and Assigned to fields should only be editable to members of one of those 2 Groups.
  2. If the Assignment Group is not a Group A or Group B group, then these fields should be editable to any other groups

  AndreJones_0-1701450232881.png

  AndreJones_1-1701450246427.png


"

This can be accomplished using roles, no need to script.

 

Create a role that is assigned to members of those groups - Group A and Group B.

 

Then create one write ACL for the field where

  • the condition is Assignment group is not Group A and Assignment group is not Group B
  • the role condition is probably sn_hr_ef.document_writer.

Then create another write ACL for the field where

  • the condition is Assignment group is Group A or Assignment group is Group B
  • the role condition is the special role created, that is granted to those groups only.

But - very important - you must make sure there are no other write ACLs granting access to the field you want to lock down - access granted by one ACL cannot be revoked by another ACL!
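
The two-ACL design from the answer above, together with its caveat about other write ACLs, as an added example that is not part of the original post and is not ServiceNow code: a simplified model in which a field write is allowed when any active ACL passes. The role name `x_restricted_assigner`, the `legacy` ACL, and the sample users and records are constructed for illustration.

```javascript
// Simplified model (an assumption for illustration, not ServiceNow's engine):
// a field write is allowed if ANY active write ACL for that field passes
// both its record condition and its role requirement.
const LOCKED_GROUPS = ["Group A", "Group B"];
const inLockedGroup = (rec) => LOCKED_GROUPS.includes(rec.assignment_group);

// The two ACLs from the answer. "x_restricted_assigner" is a hypothetical
// name for the special role granted only to members of Group A and Group B.
const proposedAcls = [
  { name: "other groups", active: true, role: "sn_hr_ef.document_writer",
    condition: (rec) => !inLockedGroup(rec) },
  { name: "group A/B only", active: true, role: "x_restricted_assigner",
    condition: (rec) => inLockedGroup(rec) },
];

// Constructed stand-in for a pre-existing write ACL on the same field that
// has no record condition.
const legacyAcl = { name: "legacy", active: true,
  role: "sn_hr_ef.document_writer", condition: () => true };

// Names of the ACLs that grant this user write access on this record.
function grantingAcls(acls, user, rec) {
  return acls
    .filter((a) => a.active && a.condition(rec) && user.roles.includes(a.role))
    .map((a) => a.name);
}

function canWrite(acls, user, rec) {
  return grantingAcls(acls, user, rec).length > 0;
}

// Constructed sample users and records.
const hrAgent = { roles: ["sn_hr_ef.document_writer"] };
const groupAMember = { roles: ["sn_hr_ef.document_writer", "x_restricted_assigner"] };
const caseForGroupA = { assignment_group: "Group A" };
const caseForGroupC = { assignment_group: "Group C" };

const withLegacy = [...proposedAcls, legacyAcl];
console.log("two ACLs only, HR agent on Group A case:",
  canWrite(proposedAcls, hrAgent, caseForGroupA));
console.log("legacy ACL still active, same check:",
  canWrite(withLegacy, hrAgent, caseForGroupA),
  "granted by", grantingAcls(withLegacy, hrAgent, caseForGroupA));
```

In this model, `grantingAcls` names the rule that still opens the field, which is the one that has to be deactivated before the restriction holds.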

 

I'm trying this out now.