Business Rules for restricting access to TASKs

matt_a · ‎01-02-2019

I am trying to restrict access to certain SC_TASK to users of various groups and/or roles.

I have 2 scenarios that I am trying to achieve. One of which I have accomplished.

I just need to be shown what I am doing wrong and what I need to do to rectify it.

Scenario 1 – accomplished

I created a before business rule. Selected query and then completed the below:

This only allows users who are part of this customer success group the ability to see tasks that are assigned to that group. They cannot view any other task that’s assigned to another group.

Scenario 2 – failed

I want to set up a similar situation as scenario 2, but this group of people will be part of 2 assignment groups and need to see tasks assigned to only the 2 groups.

I have tried multiple attempts at this but each has failed including individual rules for each assignment group.

One of the obstacles is that one of the groups is a parent group and the other is a child of the parent. But both assignment groups have tasks assigned to them.

My latest attempt was:

The team does have a specific role, so would a role based business rule be better?

Does anyone have some experience in this that would be able to walk me through it?

Many thanks in advance

Inactive_Us1957 · ‎01-02-2019

Try as

current.addEncodedQuery('assignment_group=b85d44954a3623120004689b2d5dd60a^assignment_group=09745cc9c3302200e7c7d44d81d3ae6f')

View solution in original post

Deepak Ingale1 · ‎01-02-2019

Query business rule is More restrictive and difficult to maintain.

I would better configure the ACL backed up with Application Modules to provide visibility of the data.

You can refer to "My group work" module OOB which comes, it only shows records which are assigned to logged in users assignment groups dynamically. Something similar you should try

Note: Please mark reply as correct / helpful if it has answered your question.

matt_a · ‎01-02-2019

Hi, the problem with this would be that the user could then use the filter on the task list to expand the search criteria and gain access to other groups TASKS. Unless you are suggesting that the ACL that goes with it only allows for TASKs assigned to the group defined in the module?

If so, what would the ideal script on the ACL be? How would you define it to only apply to users of the specific module?

Or am I wide of the mark with what I am saying?

Thanks for your help on this

Deepak Ingale1 · ‎01-02-2019

Hi,

You can CREATE or MODIFY an ACL ( is ACL already exists ) with code like

Having said that, you have to create a module like "Assigned to my group" which will give you show you all records which are assigned to your group.

If you type "My group", you will see my group work module, like wise you can configure

answer = gs.getUser().isMemberOf(current.assignment_group); // This will dynamically check if as an logged in user, if you are a part of assignment group for record which you want to see, if yes, you will see record

matt_a · ‎01-02-2019

Thanks, I have created an application menu with modules (not finalised so excuse formatting / order 😉 ) :

With my current set up, this works well as it is restricting access. However, If I have a url to all tasks, it is allowing the user to view and access all tasks.

I am wondering whether I have set up the ACL right? As well as the script that you provided, Will it need a condition? I have also set the ACL like this, which im hoping is correct (im just concentrating on catalog tasks for now) :