HR Case: Should only be able to see HR Cases assigned to my group

sachinbhasin11 · ‎10-24-2018

Hi there,

I have a requirement whereby i should only be able to see the HR cases assigned to my assignment group, I should be restricted to access those HR cases which doesn't belong to my group except the approvers etc.

Further there would be some users with some roles who would be able to access all the HR cases in the application

I know it can be done via ACL but changing the OOB ACL looks too complicated any easier solution on mind? or anyone had the same requirement before?

Tx

sachinbhasin11 · ‎10-29-2018

I found the solution of the above requirement by writing a on before BR on case table. Below is the script

if (gs.isInteractive() || gs.getCallerScopeName() != 'sn_hr_le') {
var userId = gs.getUserID();
var myGroups = hr_Utils.myGroups;
current.addQuery("opened_by", userId)
.addOrCondition("opened_for", userId)
.addOrCondition("parent.ref_sn_hr_core_case.opened_for", userId)
.addOrCondition("watch_list", "CONTAINS", userId)
.addOrCondition("sys_id", "IN", hr_Utils.myCasesWithApprovals + ',' + hr_Utils.myCasesWithTasks)
.addOrCondition('assignment_group',myGroups)
.addOrCondition('hr_service.subject_person_access', true).addCondition('subject_person', userId);
}

Be careful with the code of myGroups in hr_Utils Script Include as the OOB code doesn't seems to work as desired on my instance so I modified it a bit. You can put logs to verify

Thanks

View solution in original post

Ajaykumar1 · ‎10-24-2018

Hi Sachin,

It's better to use ACLs, but if want some other alternative....you can create a new module to get cases assigned to loggedin users group :

Navigate to modules under system definition > create a new module >

Name : Assigned to My Groups

Filter : Assignment group : is(dynamic) : one of my groups.

Table : Table name (sn_hr_core_case_total_rewards)

Link Type : List of records

Arguments : &sysparm_fixed_query=active=true // shows only active records and doesn't let to click all records from list view.

You can also specify roles under Visibility section.

Mark if Correct/Helpful.

Regards,
Ajay

Ajaykumar1 · ‎10-24-2018

Also, you can write a before query business rule, refer the link : Controlling record access using ‘Before Query’ business rules

Regards,
Ajay

sachinbhasin11 · ‎10-29-2018

I found the solution of the above requirement by writing a on before BR on case table. Below is the script

if (gs.isInteractive() || gs.getCallerScopeName() != 'sn_hr_le') {
var userId = gs.getUserID();
var myGroups = hr_Utils.myGroups;
current.addQuery("opened_by", userId)
.addOrCondition("opened_for", userId)
.addOrCondition("parent.ref_sn_hr_core_case.opened_for", userId)
.addOrCondition("watch_list", "CONTAINS", userId)
.addOrCondition("sys_id", "IN", hr_Utils.myCasesWithApprovals + ',' + hr_Utils.myCasesWithTasks)
.addOrCondition('assignment_group',myGroups)
.addOrCondition('hr_service.subject_person_access', true).addCondition('subject_person', userId);
}

Be careful with the code of myGroups in hr_Utils Script Include as the OOB code doesn't seems to work as desired on my instance so I modified it a bit. You can put logs to verify

Thanks

VShine · ‎10-26-2021

@sachin.b I am having similar requirement... On Backend, users see cases assigned to one of their group only... instead of using hr_Utils, I am trying to use one of my group query. But its not working. Can you help me how to get that?