Creating a UI Policy to allow one company to edit fields on the incident form but not others

mtomc
Tera Contributor

I have been trying to create a UI policy for the incident form that will restrict editing permissions on the impact and urgency fields for company A when the assigned to is Company B. However, I have been unable to make the UI policy to evaluate that when company B wants to work on the incident, the policy evaluates to false to allow editing.

 

Any help would be greatly appreciated!

1 ACCEPTED SOLUTION

Yes, you would need a write ACL for impact, and one for urgency.  If your version is one that includes decision types of Allow if or Deny if you can see what makes the most sense for your requirement.  The script would use current.assigned_to.company.name and gs.getUserID() with a GlideRecord on sys_user to determine the current user's company

View solution in original post

3 REPLIES 3

Brad Bowman
Kilo Patron
Kilo Patron

It would really be best to do this with an ACL as client scripts and UI Policies can be bypassed.  In an ACL you also have easier access to the company of the assigned_to and current users if that's where company A and B are determined.

@Brad Bowman  

That sounds good, should this be achieved by creating a script on the ACL in order to control the ability to write to that field?

Yes, you would need a write ACL for impact, and one for urgency.  If your version is one that includes decision types of Allow if or Deny if you can see what makes the most sense for your requirement.  The script would use current.assigned_to.company.name and gs.getUserID() with a GlideRecord on sys_user to determine the current user's company