- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎12-04-2015 08:20 AM
Hello, I am needing some help with an ACL on a custom table. I have a UI action that is ran from the incident table that shows the u_temp_credential table and writes some fields to it. Then ONLY the logged in user should be able to see the u_temp_credential table to see the username that was created just for them. When I impersonate the user I get a security constraints error. I appreciate all of your help from the start, as I'm learning ACL's - they remind me of Windows server group policies, ugh!
For an ACL, is a record type the same as a field on a form?
answer = ifScript();
function ifScript(){
//gs.log('ACL: sys_class_name is ' + current.u_parent.sys_class_name);
if(current.u_parent.sys_class_name == 'sc_req_item'){
//gs.log('ACL: table is sc_req_item');
if(current.u_parent.u_requested_for == gs.getUserID() || current.u_parent.opened_by == gs.getUserID()){
return true;
}
} else if(current.u_parent.sys_class_name == 'incident') {
//gs.log('ACL: table is incident');
if(current.u_parent.caller_id == gs.getUserID()){
return true;
}
}
return false;
}
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎12-04-2015 01:25 PM
You need two read ACLs...
1. Table level (u_temp_credential.)
2. Record level (u_temp_credential.*)
To put security on individual fields, then you need to put the appropriate type of ACL on the field (u_temp_credential.u_password).
Type should always be Record (for what you are doing).
Operation should determine what they can do (Create, Read, Write, Delete)
If the table was created and a role was associated with it (typical action) and you over-wrote the original read table ACL, then you will want to remove the role associated as the ACL requires the script to be true, the user to have the role, and the condition to be true.
To make this easier (now that I have more time), you can do this all using the condition builder instead of writing a script (my example is based on the incident table)
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎12-04-2015 09:02 AM

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎12-04-2015 09:45 AM
Is your new table extended from another table? I asked because some of your fields start with u_ and others don't. You should double check those.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎12-04-2015 10:29 AM
Hi Michael, it is not.
Temporary Credential table does not have anything in the Extends Table column. But the UI Action is called from the Incident table and launches the Temporary Credential table. Hope I explained that right.

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎12-04-2015 11:01 AM
What if you just did the conditions and not checked the table it came from?
if (current.u_parent.u_requested_for == gs.getUserID() || current.u_parent.opened_by == gs.getUserID() || current.u_parent.caller_id == gs.getUserID()){
and for testing, since you are just dealing with Incident to start, just use the statement: if (current.u_parent.caller_id == gs.getUserID()){