‎08-15-2024 07:47 AM
I have an issue where ITIL users who are not members of a set of assignment groups are moving tickets out of the assignment groups and I want to prevent that. Let's say I have AGs A, B, and C, where incidents of a fairly specific type fall. I only want members of the AGs A, B, and C to be able to move them to another AG. I've tried a BR with only limited success and I'm not sure how to approach this with ACLs. We do not have the Data Filtration plugin.
‎08-15-2024 08:24 AM
Indeed, you can either use ACLs to allow write access to the Assignment Group field only for members of the current assignment group or a "before update" business rule to abort the transaction if someone who is not in the current assignment group tries to reassign the record. In either case, you would need to check group membership of the current user with a script similar to this:
gs.getUser().isExplicitMemberOf(current.assignment_group) // true if the user is in the current assignment group
// OR
gs.getUser().isMemberOf(current.assignment_group) // true if the user is in the current assignment group or any of its child groups
What does your business rule look like? And what exactly do you mean by "limited success"?
Blog: https://sys.properties | Telegram: https://t.me/sys_properties | LinkedIn: https://www.linkedin.com/in/slava-savitsky/
‎08-15-2024 08:41 AM
I think I need to be more specific. AG A(Members 1,2); AG B(Members 3,4); AG C(Members 1,3,5). Anyone in any of these groups can update an incident record in any of these groups. Only when the incident is no longer in these groups should any other ITIL user be able to update the incident.
This is a before query BR. Initially I thought I'd try to remove them from even being found unless you were a member of any of these groups or an admin. It's been a bit since I hacked at this so I can't say for sure what state it is actually in right now.
‎08-15-2024 08:57 AM
Try this in a "before update" business rule:
// Replace the placeholders with the sys_ids of the three protected groups
var groupA = 'sys_id_of_group_A';
var groupB = 'sys_id_of_group_B';
var groupC = 'sys_id_of_group_C';
var currentUser = gs.getUser();
var isMemberOfA = currentUser.isMemberOf(groupA);
var isMemberOfB = currentUser.isMemberOf(groupB);
var isMemberOfC = currentUser.isMemberOf(groupC);
// Abort the update when the user belongs to none of the three groups
if (!isMemberOfA && !isMemberOfB && !isMemberOfC) {
    gs.addErrorMessage(gs.getMessage('You are not allowed to reassign incidents from this group.'));
    current.setAbortAction(true);
}
Make sure to add an appropriate condition:
current.assignment_group.changes() && (previous.assignment_group == 'sys_id_of_group_A' || previous.assignment_group == 'sys_id_of_group_B' || previous.assignment_group == 'sys_id_of_group_C')
Blog: https://sys.properties | Telegram: https://t.me/sys_properties | LinkedIn: https://www.linkedin.com/in/slava-savitsky/
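The rule and condition from the answer above, exercised outside an instance to show which updates it aborts. This is an added example, not part of the original posts: `gs`, `current` and `previous` are minimal constructed stand-ins for the ServiceNow objects, the user names and `sys_id_of_other` are placeholders, and the three membership checks are condensed into one loop.

```javascript
// Added example: gs, current and previous are constructed stand-ins for the
// ServiceNow server-side objects; group ids and user names are placeholders.
const PROTECTED = ['sys_id_of_group_A', 'sys_id_of_group_B', 'sys_id_of_group_C'];

// Constructed membership table, following the thread: A(1,2) B(3,4) C(1,3,5).
const MEMBERS = {
  sys_id_of_group_A: ['user1', 'user2'],
  sys_id_of_group_B: ['user3', 'user4'],
  sys_id_of_group_C: ['user1', 'user3', 'user5'],
};

function makeGs(userName) {
  const errors = [];
  return {
    errors,
    getUser: () => ({ isMemberOf: (g) => (MEMBERS[g] || []).includes(userName) }),
    getMessage: (m) => m,
    addErrorMessage: (m) => errors.push(m),
  };
}

// Simulate one update by userName; returns true when the rule aborts it.
function simulateUpdate(userName, fromGroup, toGroup) {
  const gs = makeGs(userName);
  let aborted = false;
  const previous = { assignment_group: fromGroup };
  const current = {
    assignment_group: { changes: () => fromGroup !== toGroup },
    setAbortAction: (flag) => { aborted = flag; },
  };

  // Condition from the answer: group changed AND it was a protected group.
  const conditionMet = current.assignment_group.changes() &&
    PROTECTED.includes(previous.assignment_group);
  if (!conditionMet) return false; // the rule does not run at all

  // Script from the answer: abort unless the user is in A, B or C.
  const user = gs.getUser();
  if (!PROTECTED.some((g) => user.isMemberOf(g))) {
    gs.addErrorMessage(gs.getMessage('You are not allowed to reassign incidents from this group.'));
    current.setAbortAction(true);
  }
  return aborted;
}
```

`simulateUpdate('user9', 'sys_id_of_group_A', 'sys_id_of_group_A')` returns `false`: an update that leaves the assignment group unchanged never meets the condition, so this rule does not stop a non-member from editing other fields while the incident sits in A, B or C.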