10-11-2018 12:33 PM
Hi, I am using the below ACL script to give read access to the table records if the user is a group member of the selected CI on the record field (points to cmdb_ci). Also, there is another read ACL on the same table with a required role. When I try to impersonate a non-role, non-group member, I can still see all records on the table. Don't know what's going on. Can someone assist me with correcting this? Thanks!
var ciArray = current.u_configuration_items.split(',');
// Check each listed CI's support group against the current user
for (var i = 0; i < ciArray.length; i++) {
    var ci = new GlideRecord('cmdb_ci');
    ci.get(ciArray[i]);
    if (gs.getUser().isMemberOf(ci.support_group)) {
        answer = true;
        break;
    }
}

10-11-2018 01:18 PM
Hello,
Try the below script:
answer = false; // deny unless a group match is found below
var ciArray = current.u_configuration_items.split(',');
for (var i = 0; i < ciArray.length; i++) {
    var ci = new GlideRecord('cmdb_ci');
    ci.get(ciArray[i]);
    if (gs.getUser().isMemberOf(ci.support_group)) {
        answer = true;
        break;
    }
}
Thanks,
Ali
Thank you,
Ali
10-11-2018 11:23 PM
Ha, there you see. I never tested it, I just went with the examples I've seen and the documentation. But that is good to know 🙂
//Göran

10-11-2018 04:35 PM
Ali, this script works just fine, but what if I wanted to add read access for some other roles? Do I have to create a new one with the roles? I did it this way, then script one stopped working. Please suggest a way to make this work. Thanks!
10-11-2018 01:24 PM
Thanks for the reply, Ahmed. I tried your script. It is now restricting access for non-group and group members as well. Can you please assist further? Thanks!

10-11-2018 01:36 PM
Hello Paul,
I believe u_configuration_item is a list field referring to the cmdb_ci table. The below script should work.
answer = false; // deny unless a group match is found below
// Fetch every CI referenced by the list field in one query
var query = "sys_idIN" + current.u_configuration_items;
gs.log("query: " + query, "Paul");
var ci = new GlideRecord('cmdb_ci');
ci.addEncodedQuery(query);
ci.query();
while (ci.next()) {
    gs.log("inside While", "Paul");
    if (gs.getUser().isMemberOf(ci.support_group)) {
        answer = true;
        break;
    }
}
If it is not working, please let me know what values are coming in the logs. Search the system logs with source as Paul.
Thanks,
Ali
Thank you,
Ali
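
Added example, not code from any poster in this thread: one way to fold the role question and the support-group check into a single default-deny decision, written so it can be exercised outside the instance. The role name `u_ci_reader`, the function `canRead` and the stub objects are assumptions made for illustration; `gs` and `GlideRecord` are passed in as parameters so constructed stand-ins can replace them.

```javascript
// Hypothetical role name, used only for this illustration.
var READ_ROLE = 'u_ci_reader';

// Returns true only on a positive match; every other path denies.
function canRead(current, gs, GlideRecord) {
    if (gs.hasRole(READ_ROLE)) {
        return true;                        // role holders skip the group check
    }
    var list = String(current.u_configuration_items || '');
    if (!list) {
        return false;                       // ''.split(',') would yield [''], so stop here
    }
    var ids = list.split(',');
    var user = gs.getUser();
    for (var i = 0; i < ids.length; i++) {  // var keeps i out of the global scope
        var ci = new GlideRecord('cmdb_ci');
        if (!ci.get(ids[i])) {
            continue;                       // sys_id not found: never grants
        }
        var group = ci.getValue('support_group');
        if (group && user.isMemberOf(group)) {
            return true;
        }
    }
    return false;                           // nothing matched: deny
}

// Constructed stand-ins for the platform objects (sample data, not real records).
var SAMPLE_CIS = { ci1: { support_group: 'grpA' }, ci2: { support_group: '' } };
function FakeGlideRecord(table) { this.row = null; }
FakeGlideRecord.prototype.get = function (id) {
    this.row = SAMPLE_CIS[id] || null;
    return this.row !== null;
};
FakeGlideRecord.prototype.getValue = function (f) { return this.row[f] || null; };
function fakeGs(roles, groups) {
    return {
        hasRole: function (r) { return roles.indexOf(r) !== -1; },
        getUser: function () {
            return { isMemberOf: function (g) { return groups.indexOf(g) !== -1; } };
        }
    };
}

// In the ACL script field the call would be:
// answer = canRead(current, gs, GlideRecord);
```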