‎10-11-2018 07:34 AM
Hello, I am working on a requirement where I need to give read access to records. These records contain an 'Application' field, and applications contain 'RTM', which points to the user table. I need to give read access to the user for records if the logged-in user exists in record->application->RTM. Can someone help me create this advanced ACL? Thanks!

‎10-11-2018 08:08 AM
Hi Paul,
You're going to make two Read ACLs. One is going to be [tableName].None and the other [tableName].*
Click the "Advanced" checkbox and in the script we'll get the current logged-in user's Sys ID and match it to the RTM field. I don't know what your table name / field names are, but here's an example of what the script would look like:
    // Grant read only when the logged-in user's sys_id matches the referenced user field
    if (gs.getUserID() == current.application.managed_by) {
        answer = true;
    }
You can read more about ACLs here: Access control list rules documentation
The reason you need two ACLs is this: [tableName].None gives you access to the record and [tableName].* gives you access to all of the fields on that record. Think of it like this: if the ACL was an apartment building, [tableName].None would give you access to enter the building, and [tableName].* would give you access to all of the apartments in the building.
If you need further guidance, happy to help! If this did answer your question, please mark it as correct to help future developers 🙂
-Josh
‎10-11-2018 08:21 AM
Josh, thanks for your response. That's a great explanation. Actually, the requirement has changed. I should give read access if the person is in the support group. support_group is a field on the application. Can you please adjust? Also, where should I use this script on [tableName].*? Thanks again.

‎10-11-2018 08:26 AM
Glad to have helped! In that case, we'll have to use a similar function that tells us if the current logged-in user is a member of the group referenced in that field.
Like this:
    // Grant read only when the logged-in user belongs to the application's support group
    if (gs.getUser().isMemberOf(current.application.support_group)) {
        answer = true;
    }
‎10-11-2018 08:33 AM
Thanks for your efforts, Josh. One last question: the above script goes under [tableName].*?

‎10-11-2018 08:40 AM
Oh, sorry I missed that in your previous question. It should be on both [tableName].None and [tableName].*
‎10-11-2018 08:41 AM
I really appreciate your time, Josh. Sorry for the multiple questions. Here are more details. The table I am creating the ACL on is "u_cmdb_profile". The field name is "u_cmdb_profile.u_ci" and this is a list field. "u_ci" points to the cmdb_ci table, which contains the support_group field. Can you please adjust accordingly? Thanks
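
The group check from the replies above, applied to the list field described in the last post, as an added example that is not part of the original thread. The function name canReadProfile, the Fake* stand-ins and their sample data are constructed for illustration; it assumes u_ci holds comma-separated cmdb_ci sys_ids, as list fields do, and it denies access unless a match is found.

```javascript
// Added example: group-based read check over a list field, deny by default.
function canReadProfile(current, gs, GlideRecord) {
    // A list field stores comma-separated sys_ids; empty means no linked CIs.
    var ciIds = String(current.u_ci || '');
    if (!ciIds) {
        return false; // least privilege: no linked CI, no access
    }
    var ci = new GlideRecord('cmdb_ci');
    ci.addQuery('sys_id', 'IN', ciIds);
    ci.query();
    while (ci.next()) {
        var group = String(ci.support_group || '');
        // Skip CIs with no support group instead of testing an empty value.
        if (group && gs.getUser().isMemberOf(group)) {
            return true;
        }
    }
    return false;
}
// In the ACL script field (on both [tableName].None and [tableName].*):
//   answer = canReadProfile(current, gs, GlideRecord);

// --- Constructed stand-ins for the Glide API so this runs outside ServiceNow ---
var SAMPLE_CIS = {               // constructed sample data, not real records
    ci1: { support_group: 'grp_net' },
    ci2: { support_group: '' },
    ci3: { support_group: 'grp_db' }
};
function FakeGlideRecord(table) { this.rows = []; this.i = -1; }
FakeGlideRecord.prototype.addQuery = function (field, op, value) {
    this.rows = value.split(',').filter(function (id) { return SAMPLE_CIS[id]; });
};
FakeGlideRecord.prototype.query = function () {};
FakeGlideRecord.prototype.next = function () {
    this.i += 1;
    if (this.i >= this.rows.length) { return false; }
    this.support_group = SAMPLE_CIS[this.rows[this.i]].support_group;
    return true;
};
function fakeGs(groups) {        // user who belongs to the listed groups
    return { getUser: function () {
        return { isMemberOf: function (g) { return groups.indexOf(g) !== -1; } };
    } };
}
```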