ACL script not working on the table.

Go to solution
Paul125
Kilo Guru

‎10-11-2018 12:33 PM

Hi, I am using the below ACL script to give read access to the table records if the user is a group member of the selected CI on the record field(points to cmdb_ci). Also there is another read ACL exist on the same table with a require role. When I try to impersonate non-role, non-group member I can still see all records on the table. Don't know what's going on. Can someone assist me with correcting this? Thanks!

var ciArray = current.u_configuration_items.split(',');
for(i=0; i<ciArray.length; i++){
	var ci = new GlideRecord('cmdb_ci');
	ci.get(ciArray[i]);
	
	if(gs.getUser().isMemberOf(ci.support_group)){
		answer = true;
		break;
	}
}
0 Helpfuls
  • 1,806 Views
1 ACCEPTED SOLUTION

Go to solution
Ahmmed Ali
Mega Sage
In response to Paul125

‎10-11-2018 01:18 PM

Hello,

 

try below script:

 

answer = false;
var ciArray = current.u_configuration_items.split(',');
for(i=0; i<ciArray.length; i++){
	var ci = new GlideRecord('cmdb_ci');
	ci.get(ciArray[i]);
	
	if(gs.getUser().isMemberOf(ci.support_group)){
		answer = true;
		break;
	}
}

 

Thanks,

Ali

If I could help you with your Query then, please hit the Thumb Icon and mark my answer as Correct!!

Thank you,
Ali

View solution in original post

17 REPLIES 17

Go to solution
Paul125
Kilo Guru

‎10-11-2018 02:11 PM

Ali, yes u_configuration_item is a list field. I tried this script I got nothing in the logs. 

Note: CIs that we select in field are resides in the child tables which are extended from cmdb_ci. I checked the logs in the background script with ci.support_group and I got group id.

0 Helpfuls

Go to solution
Ahmmed Ali
Mega Sage
In response to Paul125

‎10-11-2018 02:18 PM

Thats strange. atleast first log should have come

If I could help you with your Query then, please hit the Thumb Icon and mark my answer as Correct!!

Thank you,
Ali
0 Helpfuls

Go to solution
Paul125
Kilo Guru

‎10-11-2018 02:45 PM

I added this code to the ACL and impersonated with group user but I didn't see any rows. Then I impersonated back to my account and checked the logs but there was nothing. Please let me know if I am doing anything wrong. Thanks!

0 Helpfuls

Go to solution
Ahmmed Ali
Mega Sage
In response to Paul125

‎10-11-2018 02:54 PM

can you post screenshots of logs ?

Thanks,

Ali

If I could help you with your Query then, please hit the Thumb Icon and mark my answer as Correct!!

Thank you,
Ali
0 Helpfuls

Go to solution
Paul125
Kilo Guru

‎10-11-2018 03:46 PM

I apologize Ali. Here is the screenshot. I was looking in the wrong column for logs.

find_real_file.png

Preview file
10 KB
0 Helpfuls