
Creating ACL to make editable only for specific groups

Andre Jones
Tera Expert

 

 

Hello,

 

I want the 'assigned to' and 'assignment group' fields to be editable only for the following groups if the HR case is assigned to them.

Group A 

Group B

 

This is what I have but it's not working, Example.

AndreJones_0-1701446423078.png

 

Thank You!

1 ACCEPTED SOLUTION

Also, that ACL does grant write access to all er writers, so - as stated previously - ALL OTHER ACLs already granting access MUST be disabled.


21 REPLIES

Elijah Aromola
Mega Sage

Your isMemberOf condition doesn't look current. Update that to:

gs.getUser().isMemberOf("group A") || gs.getUser().isMemberOf("group B")

 

Thank you, it doesn't seem to work.

I basically need this to happen.

"

  1. If the Assignment Group is Group A or Group B, then the Assignment Group and Assigned to fields should only be editable to members of one of those 2 Groups.
  2. If the Assignment Group is not a Group A or Group B group, then these fields should be editable to any other groups

AndreJones_0-1701450232881.png

AndreJones_1-1701450246427.png

"

This can be accomplished using roles, no need to script.

 

Create a role that is assigned to members of those groups - Group A and Group B.

 

Then create one write ACL for the field where

  • the condition is Assignment group is not Group A and Assignment group is not Group B
  • the role condition is probably sn_hr_ef.document_writer.

Then create another write ACL for the field where

  • the condition is Assignment group is Group A or Assignment group is Group B
  • the role condition is the special role created, that is granted to those groups only.

But - very important - you must make sure there are no other write ACLs granting access to the field you want to lock down - access granted by one ACL cannot be revoked by another ACL!
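
The warning above, as an added example that is not part of the original reply and is not ServiceNow code: a simplified JavaScript model of field-level write ACL evaluation in which any passing ACL grants access, used to find which leftover ACL defeats the two-ACL design. The role name `hr_restricted_writer`, the "legacy write" ACL, and the users and records are constructed for illustration.

```javascript
// Simplified model of field-level write ACL evaluation (not ServiceNow code).
// Assumption taken from the thread: a user gets write access if ANY active ACL
// on the field passes; no ACL can revoke what another ACL grants.
const RESTRICTED_GROUPS = ["Group A", "Group B"];

// Constructed ACL set mirroring the two ACLs described in the answer.
// "hr_restricted_writer" is a hypothetical name for the special role.
const proposedAcls = [
  { name: "write: group is not A/B",
    condition: (rec) => !RESTRICTED_GROUPS.includes(rec.assignment_group),
    role: "sn_hr_ef.document_writer" },
  { name: "write: group is A or B",
    condition: (rec) => RESTRICTED_GROUPS.includes(rec.assignment_group),
    role: "hr_restricted_writer" },
];

// A pre-existing ACL with no record condition, the kind the answer warns about.
const leftoverAcl = { name: "legacy write", condition: () => true,
                      role: "sn_hr_ef.document_writer" };

// Returns the names of the ACLs that grant this user write access on this record.
function grantingAcls(acls, user, record) {
  return acls
    .filter((acl) => acl.active !== false)
    .filter((acl) => acl.condition(record) && user.roles.includes(acl.role))
    .map((acl) => acl.name);
}

function canWrite(acls, user, record) {
  return grantingAcls(acls, user, record).length > 0;
}

// Constructed users and records.
const memberOfA = { roles: ["sn_hr_ef.document_writer", "hr_restricted_writer"] };
const otherWriter = { roles: ["sn_hr_ef.document_writer"] };
const caseForA = { assignment_group: "Group A" };
const caseForC = { assignment_group: "Group C" };

// Audit helper: lists ACLs that let a non-member write a restricted case.
function findBypasses(acls) {
  return grantingAcls(acls, otherWriter, caseForA);
}

console.log(canWrite(proposedAcls, otherWriter, caseForA));  // non-member on a Group A case
console.log(findBypasses([...proposedAcls, leftoverAcl]));   // names the ACL to disable
```

Setting `active: false` on the leftover ACL in this model corresponds to disabling it, which is the only way the restriction holds.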

 

I'm trying this out now.