ACL on single record
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-27-2015 02:18 PM
Hello Community,
I am creating a Business and Technical Service and I want to restrict access to this specific record. Such that it is not an option in a reference field pointing to the Technical Service, and cannot be viewed by anyone who does not meet the ACL criteria. Currently, I am only aware of a way to restrict a list of records or tables, etc. I only need to restrict an individual record. Does anyone have any suggestions to accomplish this?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-27-2015 02:58 PM
How about using a business rule (before query) to check for the sys_id of that particular record and not display it if the criteria (isMemberOf, hasRole, etc) doesn't match?
Of course, this doesn't necessarily apply security, as if the user knew how to manually navigate to that particular record (full URI), they could possible still get to that piece of data.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-27-2015 03:01 PM
Well it's enough to accomplish what I need. It's not exactly a security issue that I'm concerned with. I just don't want someone(helpdesk guys) to be able to choose it as a business or technical service on the incident form. I want this to apply globally so i don't have to go do it on any form that relates to technical services, etc.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-27-2015 06:27 PM
Hi Kenneth,
This sounds like a Reference Qualifier would be your best option. ACL's are more for security purposes. And while a Before Business rule could do the trick, it impacts EVERY query on that table. When the intent is to restrict choices in a Reference field, your best bet is to use a Reference Qualifier that excludes that record's sys_id. If needed, you could use a Script Include or Even Dynamic Filter to enclose that particular query and apply it anywhere its needed.
Edit: And if your concern is speed of accomplishing this. You could navigate to sys_dictionary. Query all the fields of type=reference where the referenced table is the one with that record on it. Then use list edit to edit the Reference Qualifier of all the fields in one shot.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-28-2015 04:31 AM
I had created a similar Before Query BR. Since you want to restrict that record when the request comes from any reference field. Use the following code, it will be helpful and make sure this happens only when requesting source is a reference field.
if (gs.action.getGlideURI().get('sysparm_view').toString() == 'sys_ref_list')
{
//do your thing here
}
