ACL restrict write to specific groups but allow everyone with itil role to write on Comments and Work Notes

‎05-15-2019 05:30 AM
We have a requirement to restrict write access on specific records to specific groups only but anyone with itil role should be able to write on comments and work notes. Any idea on how to approach this ACL setup?
‎05-15-2019 06:48 AM
You will need 2 table level write ACLs, one that will provide write access to your groups and one that will provide write access to the itil role. Then you will need a table.* write ACL to provide field level write to the specific groups and NOT the itil role. Finally you will need table.comments and table.work_notes write ACLs that allow write access for the itil role.
In order to get the specific groups, you will need to write a script in the ACL that checks to see if the user is a member of the specific group(s).
If you only wanted members of the record's assignment group to be able to write, you would do something like this:
answer = gs.getUser().isMemberOf(current.assignment_group.toString())

‎05-15-2019 07:28 AM
‎05-15-2019 07:40 AM
And now that I am looking at it, I realize I was off by a little bit so I updated my original reply. You need 2 table level write ACLs. The first should just have the itil role on it, and the second should have just the script. ACLs require all the different pieces to evaluate to true (roles, condition, and script) so the single table level is locking it to users in the assignment group that have the itil role. Sorry for the miss on my part.
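
The difference between the single table-level ACL and the corrected pair, as an added example that is not part of the original thread and is not ServiceNow code: a simplified JavaScript model of the evaluation rules described above. The table name `incident`, the group names and the two users are constructed; ACL conditions, admin overrides and parent-table or `*` wildcard rules are left out.

```javascript
// Simplified model of ACL evaluation (constructed for illustration).
// One ACL passes only if its role check AND its script both pass.
function aclPasses(acl, user, record) {
  const roleOk = !acl.roles || acl.roles.some(r => user.roles.includes(r));
  const scriptOk = !acl.script || acl.script(user, record);
  return roleOk && scriptOk;
}

// ACLs that share a name are alternatives: one of them passing is enough.
function anyPasses(acls, name, user, record) {
  return acls.filter(a => a.name === name).some(a => aclPasses(a, user, record));
}

// Writing a field needs the table-level rule AND the most specific field rule.
function canWrite(acls, table, field, user, record) {
  if (!anyPasses(acls, table, user, record)) return false;
  const specific = `${table}.${field}`;
  const fieldRule = acls.some(a => a.name === specific) ? specific : `${table}.*`;
  return anyPasses(acls, fieldRule, user, record);
}

// Stand-in for gs.getUser().isMemberOf(current.assignment_group.toString())
const inGroup = (user, record) => user.groups.includes(record.assignment_group);

const fieldRules = [
  { name: 'incident.*', script: inGroup },         // all other fields: group only
  { name: 'incident.comments', roles: ['itil'] },
  { name: 'incident.work_notes', roles: ['itil'] },
];

// First version of the reply: role and script on ONE table-level ACL.
const singleTableAcl = [
  { name: 'incident', roles: ['itil'], script: inGroup },
  ...fieldRules,
];

// Corrected version: role on one table-level ACL, script on a second one.
const splitTableAcls = [
  { name: 'incident', roles: ['itil'] },
  { name: 'incident', script: inGroup },
  ...fieldRules,
];

// Constructed sample data.
const record = { assignment_group: 'network' };
const itilOutsider = { roles: ['itil'], groups: ['service_desk'] };
const groupMember = { roles: ['itil'], groups: ['network'] };
```

With `singleTableAcl`, the itil user outside the assignment group fails at the table level and cannot reach Comments or Work Notes at all; with `splitTableAcls`, that user can write those two fields but is still blocked on every other field by the `incident.*` script.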

‎05-15-2019 07:57 AM