How can I restrict an ITIL user to view only Incidents assigned to their group?

Reddy · ‎05-31-2022

Hello,

I want to restrict an ITIL user to view only Incidents assigned to their group.

Thanks

Ram

Allen Andreas · ‎05-31-2022

Hi,

You'd have to adjust your "read" ACLs for the incident table to ensure they can only see incidents that are assigned to their group.

You can use condition builder and choose assignment group is dynamic (one of my groups) and assign the itil role to that ACL.

Keep in mind that there are already other ACLs out of box for incident that allow itil to see more, so you'd have to adjust those to NOT allow itil to see incidents that aren't assigned to their group as well.

Alternatively, you can create a before query business rule on the incident table and do the same with script such as:

if (gs.hasRole('itil') && !gs.hasRole('admin')) {
current.addEncodedQuery("assignment_group=javascript:gs.getUser().getMyGroups()");
}

The above looks to see if the user has the itil role and does not have admin and if so, filter their results to only see records where assignment group is one of their groups.

Please mark reply as Helpful/Correct, if applicable. Thanks!

Please consider marking my reply as Helpful and/or Accept Solution, if applicable. Thanks!

View solution in original post

Jaspal Singh · ‎05-31-2022

You need to add another && condition to check group

if (gs.hasRole('itil') && !gs.hasRole('admin') && gs.getUser().isMemberOf('M')) {
current.addEncodedQuery("assignment_group=javascript:gs.getUser().getMyGroups()");
}
//Replace M with the group name in quotes

View solution in original post

Allen Andreas · ‎05-31-2022

Hi,

You'd have to adjust your "read" ACLs for the incident table to ensure they can only see incidents that are assigned to their group.

You can use condition builder and choose assignment group is dynamic (one of my groups) and assign the itil role to that ACL.

Keep in mind that there are already other ACLs out of box for incident that allow itil to see more, so you'd have to adjust those to NOT allow itil to see incidents that aren't assigned to their group as well.

Alternatively, you can create a before query business rule on the incident table and do the same with script such as:

if (gs.hasRole('itil') && !gs.hasRole('admin')) {
current.addEncodedQuery("assignment_group=javascript:gs.getUser().getMyGroups()");
}

The above looks to see if the user has the itil role and does not have admin and if so, filter their results to only see records where assignment group is one of their groups.

Please mark reply as Helpful/Correct, if applicable. Thanks!

Please consider marking my reply as Helpful and/or Accept Solution, if applicable. Thanks!

Reddy · ‎05-31-2022

Thank you for your response, Allen.

I tested BR and it's working as you mentioned, however, I want only a particular group not to view other group Incidents.

Example: I have a group called M group, and each member has an ITIL role. Now I want the members of the M group to only see their own group Incidents, not the Incidents of other groups.

Jaspal Singh · ‎05-31-2022

You need to add another && condition to check group

if (gs.hasRole('itil') && !gs.hasRole('admin') && gs.getUser().isMemberOf('M')) {
current.addEncodedQuery("assignment_group=javascript:gs.getUser().getMyGroups()");
}
//Replace M with the group name in quotes

Gillerla Rajesh · ‎12-10-2023

Hi @Jaspal Singh

This script where can write like ACL or what ? .

And encoded query can we filter in list view and get that query means it will also work right.