Creating a UI Policy to allow one company to edit fields on the incident form but not others

mtomc · ‎10-25-2024

I have been trying to create a UI policy for the incident form that will restrict editing permissions on the impact and urgency fields for company A when the assigned to is Company B. However, I have been unable to make the UI policy to evaluate that when company B wants to work on the incident, the policy evaluates to false to allow editing.

Any help would be greatly appreciated!

Brad Bowman · ‎10-28-2024

Yes, you would need a write ACL for impact, and one for urgency. If your version is one that includes decision types of Allow if or Deny if you can see what makes the most sense for your requirement. The script would use current.assigned_to.company.name and gs.getUserID() with a GlideRecord on sys_user to determine the current user's company

View solution in original post

Brad Bowman · ‎10-25-2024

It would really be best to do this with an ACL as client scripts and UI Policies can be bypassed. In an ACL you also have easier access to the company of the assigned_to and current users if that's where company A and B are determined.

mtomc · ‎10-28-2024

@Brad Bowman

That sounds good, should this be achieved by creating a script on the ACL in order to control the ability to write to that field?

Brad Bowman · ‎10-28-2024

Yes, you would need a write ACL for impact, and one for urgency. If your version is one that includes decision types of Allow if or Deny if you can see what makes the most sense for your requirement. The script would use current.assigned_to.company.name and gs.getUserID() with a GlideRecord on sys_user to determine the current user's company