Exclude delegates from specific approval records.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-18-2018 02:14 PM
I have a requirement to restrict approvals on a specific catalog item.
They do not what User Delegates to be able to approve these requests. Sounds easy enough.
I've found the "exclude delegates" on the email notification.
I've also added a business rule to abort the approval should a delegate try to approve this item.
Now, I need to HIDE that approval from them.
So of the approvals the delegate will see currently:
Buy Software - Approver1 - delegate 1 - **Yes delegate can approve
Grant Access to Bank Records - Approver1 - delegate 1 - **NO delegate my not approve this
Order Mobile phone - Approver1 - delegate 1 - **Yes delegate can approve
I'm not finding an easy way to only show two approvals for D1 and 3 for A1.
What is the best practice for this and are they any examples?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-22-2019 01:27 AM
HI Michel ,
can you help me
i used your script as suggest, but it is not working.. please help me........
still delegate approving approvals, it should Not be.
READ - ACL's script : table : sysapproval_approver
if (gs.getProperty("glide.approvals.restrict_by_record", "false") == "true")
answer = gs.hasRole('approval_admin') || (gs.hasRole('itil') && checkSecureCatalogItem(current))||(gs.hasRole('catalog') && checkSecureCatalogItem(current)) || (isApprovalMine(current) && checkSecureCatalogItem(current)) && hasAccessToDocument(current);
else
answer = gs.hasRole('approval_admin') || (gs.hasRole('itil') && checkSecureOrderGuide(current)) || (gs.hasRole('catalog') && checkSecureCatalogItem(current)) || (isApprovalMine(current) && checkSecureCatalogItem(current)) || (hasAccessToDocument(current) && checkSecureCatalogItem(current));
function checkSecureCatalogItem(current)
{
var allowDelegate = true;
var restrictList = gs.getProperty('active.checking.box.restrict.delegates'); // Active check -catalog item sys_id
if (current.sysapproval.sys_class_name == "sc_req_item" && restrictedList.indexOf(current.sysapproval.ref_sc_req_item.cat_item) > -1 && current.approver!=gs.getUserID())
{
allowDelegate = false;
}
else
if (current.sysapproval.sys_class_name == "sc_request" && restrictedList.indexOf(current.sysapproval.ref_sc_req_item.cat_item) > -1 && current.approver!=gs.getUserID())
{
allowDelegate = false;
}
return allowDelegate;
}
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-22-2019 12:21 PM
ITIL side Working Good, but coming to Portal side still the records are showing in Delegate Portal view ,
So how to Exclude those from Portal side
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-29-2020 06:57 AM
There is a logic error in your function. The issue is that the 'checkSecureCatalogItem' function will always return 'false' for the specified catalog item since there is no check that the user that this ACL is running for is a delegate of the original approver. This results in the original approver not being able to see his own approvals if he doesn't have one of the specified roles in the OOB ACL. I've adapted your script with some of my own that should fix this issue should someone else stumble upon this thread.
function checkSecureCatalogItem() {
var allowDelegate = true;
// Make sure the below query is only added for request items
var restrictedList = "SYS-ID-OF-CATALOG-ITEM";
if (current.source_table == "sc_req_item" && restrictedList.indexOf(current.sysapproval.ref_sc_req_item.cat_item) > -1 && checkUserDelegate()) {
allowDelegate = false;
}
return allowDelegate;
}
function checkUserDelegate() {
var currentTime = new GlideDateTime();
var del = new GlideRecord('sys_user_delegate');
del.addEncodedQuery('ends>=' + currentTime + '^starts<=' + currentTime + '^user=' + current.approver);
del.query();
while (del.next()) {
if (del.getValue('delegate') == gs.getUserID()) {
return true;
}
}
return false;
}
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-22-2019 01:55 AM
Hi eglazier,
did you get solution for this?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-22-2019 12:21 PM
how to exclude approval records in Portal side