How can I create ACL to give read access if logged in user is an RTM?

Paul125
Kilo Guru

Hello, I am working on a requirement where I need to give read access to records. These records contain an 'Application' field, and applications contain 'RTM', which points to the user table. I need to give read access to the user for records if the logged-in user exists in the record->application->RTM. Can someone help me create this advanced ACL? Thanks!

1 ACCEPTED SOLUTION

Josh Virelli
Tera Guru

Hi Paul,

You're going to make two Read ACLs. One is going to be [tableName].None and the other [tableName].*

Click the "Advanced" checkbox and in the script we'll get the current logged-in user's Sys ID and match it to the RTM field. I don't know what your table name / field names are, but here's an example of what the script would look like:

// Allow read when the logged-in user is the RTM (managed_by) of the record's application
if (gs.getUserID() == current.application.managed_by) {
	answer = true;
}

You can read more about ACLs here: Access control list rules documentation

The reason you need two ACLs is this, [tableName].None gives you access to the record and [tableName].* gives you access to all of the fields on that record. Think of it like this, if the ACL was an apartment building, [tableName].None would give you access to enter the building, and [tableName].* would give you access to all of the apartments in the building.

If you need further guidance, happy to help! If this did answer your question, please mark it as correct to help future developers 🙂

-Josh


Ankur Bawiskar
Tera Patron

Hi Paul,

Use a read table-level ACL, i.e. None. In the condition, add the following as a dot-walked field, i.e. application.ritm.<ritmField> is dynamic me

Which field in RITM do you need to match with the logged-in user? Is it opened_by?

Mark Correct if this solves your issue and also mark Helpful if you find my response worthy based on the impact.
Thanks
Ankur

Thanks for the reply, Ankur. There is no RITM involvement here; it is RTM (Responsible Technology Manager). I dot-walked like this: Application.managed_by contains ??? How can I get the current logged-in user in the filter? Thanks

Note: Application is a list collector field. There might be several applications. The user should be an RTM for one of those applications selected in the field.
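
Added example, not part of the thread or of ServiceNow's documentation: one way to write the read ACL check when Application is a list collector, so that access is granted only if the logged-in user is the RTM of at least one selected application. The table name in APP_TABLE is a placeholder, the field names application and managed_by are assumed from the script in the accepted answer, and the sample rows are constructed.

```javascript
// Added example, not from the thread. APP_TABLE is a placeholder; the field names
// 'application' and 'managed_by' are assumed from the accepted answer's script.
var APP_TABLE = 'your_application_table';

// A list collector holds several sys_ids in one comma-separated string, so a
// single dot-walk comparison does not cover it. Split it and drop empty entries.
function parseList(listValue) {
    return String(listValue || '').split(',')
        .map(function (id) { return id.trim(); })
        .filter(function (id) { return id.length > 0; });
}

// Deny unless at least one selected application has userId as its RTM.
// isManagedBy(sysIds, userId) performs the lookup and returns true or false.
function canRead(listValue, userId, isManagedBy) {
    var sysIds = parseList(listValue);
    if (!userId || sysIds.length === 0) {
        return false; // empty field or no user: no access
    }
    return isManagedBy(sysIds, userId) === true;
}

// Lookup for use inside the instance (GlideRecord exists only there).
function glideLookup(sysIds, userId) {
    var app = new GlideRecord(APP_TABLE);
    app.addQuery('sys_id', 'IN', sysIds.join(','));
    app.addQuery('managed_by', userId);
    app.setLimit(1); // one match is enough
    app.query();
    return app.hasNext();
}
// In the ACL's Advanced script:
//   answer = canRead(current.getValue('application'), gs.getUserID(), glideLookup);

// Constructed sample rows (sys_id -> managed_by) and lookup for offline checks.
var SAMPLE_APPS = { app1: 'userA', app2: 'userB', app3: 'userC' };
function sampleLookup(sysIds, userId) {
    return sysIds.some(function (id) { return SAMPLE_APPS[id] === userId; });
}
```

The same script body goes on both the [tableName].None and [tableName].* read ACLs described in the accepted solution.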

@Ankur Bawiskar ,

Looking for help with an ACL read script.
This is on cmn_location - Read - snc_external.
When an external (customer) user logs in to CSM, the Case list filter (location) should show only the account's location.
Below script is not working:

mylocation(current);
function mylocation(current){
    if(current.account == gs.getUser().getRecord().getDisplayValue('account')){
        return true;
    } else {
        return false;
    }
}
