ACL - User should see incidents created by his department's users on report

Rocky5
Kilo Sage

‎08-08-2019 08:02 AM

Hi Experts,

 

I have a requirement, to create a report on incident table that will show only the incidents created by the users belong to logged in user's department. 

I have created a report on incident table with just the filter condition Active=true. And I want to handle the restrictions using ACL. So,

I have deactivated the OOB ACL that has the below script:

current.opened_by == gs.getUserID() || current.caller_id == gs.getUserID() || current.watch_list.indexOf(gs.getUserID()) > -1;

And I created a new ACL with below script:

current.caller_id.department == gs.getUser().getDepartmentID();

But still, the report is showing only the incidents opened by the caller. but the requirement is the logged in user should see the incidents created by his department's user.

Any help is appreciated.

 

Thanks,

Rocky.

Labels:
0 Helpfuls
  • 1,734 Views
3 REPLIES 3

Allen Andreas
Administrator
Administrator

‎08-08-2019 08:08 AM

Hi,

Is that all you have in the ACL? Do you have any conditions set as well?

Can you try: 

if (current.caller_id.department.sys_id == gs.getUser().getDepartmentID()) {
answer true;
} else {
answer false;
}

 

and make sure you're testing with a relevant user.

Please mark reply as Helpful/Correct, if applicable. Thanks!


Please consider marking my reply as Helpful and/or Accept Solution, if applicable. Thanks!
0 Helpfuls

Rocky5
Kilo Sage

‎08-08-2019 08:28 AM

Thanks for the quick response Allen,

I have already tried the script like you proveded, this looks like it worked but still, My report filter is just "Active=true" so, the pie chart report shows the overall count of incidents that are active. but, when open that report by clicking on the pie chart, it shows as below. And when I click on next pages there are few records and those are correct, those records belong to loggedin user's department only. But we dont want to see like this "20 rows removed by security constraints" it should directly show only the correct records. 

find_real_file.png

Preview file
16 KB
0 Helpfuls

Tim Provin
Mega Guru
In response to Rocky5

‎08-08-2019 08:51 AM

If you want to remove the "rows removed by security constraints" message, you will need to create (or update if one exists) a before query business rule for the table that restricts the records that are returned based on your criteria.  

0 Helpfuls