Field level ACL is not working

priyanka chodip
Tera Contributor

Hi,

There is a group called (DOC). They don't have write access to any field on the server table; they can only read the fields. But they want write access on 2 fields (A & B).
So I created a role called (field_access) and created two field-level ACLs, and in Required role I added the role (field_access) which I created, and also added the same role to the group (DOC).
I tested by impersonating a person from the group DOC and it did not work.
Then I wrote a script include (name - accesstofields):
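    var accesstofields = Class.create(); // class declaration the prototype assignment depends on
    accesstofields.prototype = Object.extendsObject(AbstractAjaxProcessor, {
        // Returns true only when the current user holds the field_access role
        accesstofieldsinserver: function() {
            if (gs.getUser().hasRole('field_access')) {
                return true;
            }
            return false;
        },
        type: 'accesstofields'
    });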

And in the field-level ACL, I called the script include like:

    answer = new global.accesstofields().accesstofieldsinserver();

Even then, the DOC group is not getting field-level access.

If anyone has an idea on this, please do help.
Thank you
Priyanka

3 ACCEPTED SOLUTIONS

Anil Lande
Kilo Patron

Hi,

This may be because you have created only field-level write ACLs. If users of the group do not have write access on the record, then they won't be able to write fields.

Create an ACL for the table with write access and grant write access to your group.

Note: Instead of introducing a new role for only one group, you can check user membership in the ACL script like:

    if (gs.getUser().isMemberOf('DOC')) {
        answer = true; // ACL scripts report their result through the answer variable
    }

Thanks,

Anil Lande

Please appreciate the efforts of community contributors by marking appropriate response as correct answer and helpful, this may help other community users to follow correct solution in future.
Thanks
Anil Lande


Okay, you need to create one more ACL to restrict access to all fields.

1. Create a table.* ACL and use the below logic in the script part.

    if (gs.getUser().isMemberOf('DOC')) {
        answer = false; // ACL scripts report their result through the answer variable
    }

This way (*) all fields will be read-only for this group and your two field-level ACLs will allow users to edit those two fields only.

Thanks
Anil Lande

Yes, that should be fine. Did you notice any issue for other users (having the itil role)?

Please check if there is any impact on other tables and rows.

In your case it is masking parent table ACLs, which will not be effective since you made these changes.

If you see any issue for other users, then create similar ACLs (which are masked) with the same conditions, roles and script.

Thanks
Anil Lande


8 REPLIES

Hi Anil,

Thank you for the reply.

I tried that as well. I created a write-access ACL for the table and added the group in Required role.

By doing that, the group is getting access to write on other fields as well. But the requestor wants write access on fields A & B; the remaining fields should remain read-only.

Please suggest an alternative to fix this issue.

Thank you

Priyanka

Hi Anil,

Now it's working as expected. Thank you so much.

Thanks & regards
Priyanka
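
The evaluation order this thread works through, as an added JavaScript model that is not part of the original posts and is not ServiceNow code: a field write needs a passing record-level rule, and then the most specific field-level rule decides. The table name `server`, field `C`, the sample users, the itil-only base rule, and letting non-DOC users pass the `server.*` rule are assumptions made for illustration.

```javascript
// Simplified model of ACL evaluation for a field write (constructed, not ServiceNow code).
// Assumed: table name "server", field "C", the users below, and the itil-only base rule.
function evalLevel(acls, name, user) {
  const rules = acls.filter(a => a.name === name);
  if (rules.length === 0) return null;        // no rule defined at this level
  return rules.some(a => a.check(user));      // passing any one rule is enough
}

function canWrite(acls, table, field, user) {
  // Without a passing record-level rule the record is read-only, whatever the field rules say.
  if (evalLevel(acls, `${table}.None`, user) !== true) return false;
  for (const name of [`${table}.${field}`, `${table}.*`]) {
    const result = evalLevel(acls, name, user);
    if (result !== null) return result;       // most specific level with a rule decides
  }
  return true;                                // no field rule: record-level result stands
}

const hasRole = role => user => user.roles.includes(role);
const inGroup = group => user => user.groups.includes(group);

// Question: only the two field ACLs were added; table write belongs to another role.
const fieldOnly = [
  { name: 'server.None', check: hasRole('itil') },
  { name: 'server.A', check: hasRole('field_access') },
  { name: 'server.B', check: hasRole('field_access') },
];
// First reply: add a table-level write ACL for the group.
const withTableWrite = [...fieldOnly, { name: 'server.None', check: inGroup('DOC') }];
// Second reply: add server.* that answers false for DOC members (others pass: assumption).
const withWildcard = [...withTableWrite, { name: 'server.*', check: u => !inGroup('DOC')(u) }];

const docUser = { roles: ['field_access'], groups: ['DOC'] };   // constructed user
const itilUser = { roles: ['itil'], groups: [] };               // constructed user

function writableFields(acls, user) {
  return ['A', 'B', 'C'].filter(f => canWrite(acls, 'server', f, user));
}

console.log('field ACLs only, DOC user:', writableFields(fieldOnly, docUser));
console.log('plus table write, DOC user:', writableFields(withTableWrite, docUser));
console.log('plus server.*, DOC user:', writableFields(withWildcard, docUser));
console.log('plus server.*, itil user:', writableFields(withWildcard, itilUser));
```

The last result shows that, under these rules, a user outside DOC cannot write A or B, so impersonate one of those users as well when testing the change.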