Business rule to restrict certain incidents

Darren22
Tera Expert

Good Morning

I have been asked to restrict certain incident records from being viewed unless a user has a certain role. So for example, if you have the role 'itil' then you can view all incidents apart from specific breach incidents. However, if you have the role 'made up role' then you can view all incidents including these specific breach incidents.

When searching the community I keep getting directed to the Guru site, which has the code posted below...

The issue I am finding is that it restricts all records and not some. When I put a run condition on the business rule, again it's either all or nothing.

Am I missing something fundamental? It seems the best I can do is restrict everything rather than a few records. Is it that I need two before.query rules?

Could use some guys and gals... thanks

if (!gs.hasRole("itil") && gs.isInteractive()) {
  var u = gs.getUserID();
  var qc = current.addQuery("caller_id", u).addOrCondition("opened_by", u).addOrCondition("watch_list", "CONTAINS", u);
  gs.print("query restricted to user: " + u);
}

4 REPLIES 4

vandna
Tera Guru

Hi Darren,

Have you created any custom field to check if the incident is breached or not?

If yes, then you can use the below script in a query business rule to restrict the users to seeing only the not-breached records.

 

if (gs.hasRole('<role name you want to restrict record>')) {
  var u = gs.getUserID();  // needed for the log line below
  current.addEncodedQuery('<condition>');  // Put the breached is not true condition here
  gs.print("query restricted to user: " + u);
}

 

If no, then you can't use the query business rule, because incident breach information is getting captured in task_sla table.

 

Thanks,

Vandna Ahirwar

 

 

Thanks for the reply. I haven't created a custom field but can use another field with certain information in it. So I can get around that... failing that I can always create a field if needs be.

 

Do I need to create an additional before.business rule or amend the current one on the incident table?

Also by using your script will this only restrict some records rather than all of them?

You can update the existing business rule with my script. My script will restrict the data, so the user can access limited incidents, not all incidents.
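The difference between the rule in the question and a rule that hides only flagged records, as an added example that is not part of the thread and not ServiceNow's own code. It runs outside ServiceNow: `makeGs` and `makeCurrent` are small stand-ins for `gs` and `current`, the Guru rule is reduced to its `caller_id` condition, and the field `u_breach`, the role `breach_viewer` and the sample incidents are assumptions.

```javascript
// Constructed sample incidents; u_breach is an assumed custom flag field.
const INCIDENTS = [
  { number: 'INC001', caller_id: 'alice', u_breach: false },
  { number: 'INC002', caller_id: 'bob', u_breach: true },
  { number: 'INC003', caller_id: 'bob', u_breach: false },
];

// Stand-in for the server-side `gs` object (only the calls used here).
function makeGs(userId, roles) {
  return {
    getUserID: () => userId,
    hasRole: (role) => roles.includes(role),
    isInteractive: () => true,
  };
}

// Stand-in for `current` in a before-query rule: conditions are AND-ed.
function makeCurrent() {
  const conditions = [];
  return {
    addQuery(field, value) { conditions.push((rec) => rec[field] === value); },
    run: (rows) => rows.filter((rec) => conditions.every((c) => c(rec))),
  };
}

// Rule from the question (simplified): anyone without itil is limited to
// their own records, so every other incident disappears for them.
function guruRule(gs, current) {
  if (!gs.hasRole('itil') && gs.isInteractive()) {
    current.addQuery('caller_id', gs.getUserID());
  }
}

// Rule for the requirement: the role check picks WHO gets filtered, the
// added condition picks WHICH records are hidden (only flagged ones).
function breachRule(gs, current) {
  if (!gs.hasRole('breach_viewer') && gs.isInteractive()) {
    current.addQuery('u_breach', false);
  }
}

// Returns the incident numbers a user would get back under a given rule.
function visible(rule, userId, roles) {
  const current = makeCurrent();
  rule(makeGs(userId, roles), current);
  return current.run(INCIDENTS).map((rec) => rec.number);
}
```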

James Blight
Kilo Sage

Few years late but saw this while looking for something else, but the answer may help someone.

 

I had a similar requirement once but it was more a case of 'Only group x should be allowed to see their incidents, no other group is allowed'

So, in case this ever gets expanded further than this group, I added a tickbox to the group table named 'Incident Private'.

I then created a read ACL on the incident table with the condition 'Assignment group.Incident Private is true' and added the below script:

 

var answer = false;

// Grant read only to the caller, the on-behalf-of user, or a member of the assignment group
if (current.caller_id == gs.getUserID() || current.u_on_behalf_of == gs.getUserID() || gs.getUser().isMemberOf(current.assignment_group))
{
    answer = true;
}
 
to allow only those group members + end user to be able to read.
 
Then adjusted the ACL allowing read access to itil users to have the condition 'Assignment group.Incident Private is false' to prevent itil users reading those incidents.
 
Then to hide the 'security restrictions' messages a before query BR on the incident table with the following script:
 
    //Only run the below if not an admin
    //So admins can see all

    var viewer = gs.getUserID();

    var qc = current.addQuery('assignment_group', getMyGroups())
        .addOrCondition('assignment_group.u_incident_private', false)
        .addOrCondition("assignment_group", '')
        .addOrCondition('caller_id', viewer)
        .addOrCondition('u_on_behalf_of', viewer);