Allow group managers to add/remove users to groups
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎11-06-2013 11:07 AM
I am trying to set up access to allow group managers to add/remove users from their groups. I have attempted to create ACL's against sys_user_group but have been unsuccessful.
The group managers need to be able to add/remove users to the groups, but I do not want them to be able to add/remove roles to the group or add/remove users to SN.
As a noob to SN, any help/advice would be appreciated.
Thank you
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎11-07-2013 08:46 AM
Hi Mark,
Is there a way to set up an ACL to allow group managers that do not have a role to add/modify the members of the group (the create ACL)? We have many groups that are used within the assignment group field. These groups do not have any role associated with them and are used for notification purposes only.
I added a Create ACL with the following script:
var answer = false; //Restrict access by default
if (gs.hasRole('user_admin') ||current.group.manager == gs.getUserID() ){
answer = true; //Allow access if user has 'user_admin' role or is group manager
}
answer;
I also disabled the Create ACL that required a role of user_admin, but still ran into security permission issues. For those group managers that do not have a role, their groups did not display in the new module I added. The new module is not restricted by role.
Any thoughts?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎11-07-2013 09:20 AM
Remove your first line of var answer=false;
Your ACL is reading that line and always returning a false.
If you have at least one ACL to allow access all others will be 'locked out' by default
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎11-07-2013 09:53 AM
Thanks Terri.
I remove the line from the script but still can not view the groups I manage without a role. The following is displayed:
Number of rows removed from this list by Security constraints: 1
I am obviously missing something, and it is probably right in front of me.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎11-07-2013 10:57 AM
In step 2 of Mark's post it discusses the 'Create ACL'. You would need to remove the 'itil' role from this ACL.
Warning though - This would allow all users to 'Modify Group membership' if they know how to get to the modules/related lists. You will need to do some fancy work to 'restrict' the EDIT button from NON Managers.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎11-07-2013 01:45 PM
Terri,
The itil role was removed prior to making the script change.
