How can I restrict an ITIL user to view only Incidents assigned to their group?

Go to solution
Reddy
Kilo Sage

‎05-31-2022 08:43 AM

Hello,

I want to restrict an ITIL user to view only Incidents assigned to their group.

Thanks

Ram

0 Helpfuls
  • 2,792 Views
2 ACCEPTED SOLUTIONS

Go to solution
Allen Andreas
Administrator
Administrator

‎05-31-2022 08:49 AM

Hi,

You'd have to adjust your "read" ACLs for the incident table to ensure they can only see incidents that are assigned to their group.

You can use condition builder and choose assignment group is dynamic (one of my groups) and assign the itil role to that ACL.

Keep in mind that there are already other ACLs out of box for incident that allow itil to see more, so you'd have to adjust those to NOT allow itil to see incidents that aren't assigned to their group as well.

Alternatively, you can create a before query business rule on the incident table and do the same with script such as:

if (gs.hasRole('itil') && !gs.hasRole('admin')) {
current.addEncodedQuery("assignment_group=javascript:gs.getUser().getMyGroups()");
}

The above looks to see if the user has the itil role and does not have admin and if so, filter their results to only see records where assignment group is one of their groups.

Please mark reply as Helpful/Correct, if applicable. Thanks!


Please consider marking my reply as Helpful and/or Accept Solution, if applicable. Thanks!

View solution in original post

Go to solution
Jaspal Singh
Mega Patron
Mega Patron
In response to Reddy

‎05-31-2022 09:44 AM

You need to add another && condition to check group

if (gs.hasRole('itil') && !gs.hasRole('admin') && gs.getUser().isMemberOf('M')) {
current.addEncodedQuery("assignment_group=javascript:gs.getUser().getMyGroups()");
}
//Replace M with the group name in quotes

View solution in original post

8 REPLIES 8

Go to solution
Allen Andreas
Administrator
Administrator
In response to Reddy

‎05-31-2022 01:00 PM

Hi,

Heh...glad you got the correct answer...

Unfortunately, you did not state the need for it to be directed only at one group in your original question (please always give as much details as you can).

My goal was to help guide you...the point was to show you and tell you where to go and you could take it from there. Which I did and even helped provide example script, explained more about it, as well as told you what literally specific record type to use...which answered your original question.

In any case, as mentioned above, please always give all the details up front (you've posted over 50 questions, I'm sure you know the benefits of doing this...) else the first person responding...doesn't answer correctly because you didn't give all the details, then you give more details, then someone else comes along and finishes up what was already started.

Like...you didn't even ask for the if itil but not admin, do 'x'...I added that in just as my own flavor and because it logically makes sense...so even that was used, haha.

In the end, I'm glad you got help.


Please consider marking my reply as Helpful and/or Accept Solution, if applicable. Thanks!

Go to solution
Gillerla Rajesh
Tera Contributor
In response to Allen Andreas

‎12-11-2023 09:58 AM

Hi @Allen Andreas 

Why you suggested before query BR,. We use display query BR eight

 

 

0 Helpfuls

Go to solution
QX
Tera Contributor
In response to Allen Andreas

‎11-18-2022 06:47 AM

Good answer, how do you make an exception for incident callers and watchlists. So if i have an incident assigned to a group I am not a member of I can view it. 

0 Helpfuls

Go to solution
Gillerla Rajesh
Tera Contributor
In response to Allen Andreas

‎12-11-2023 05:35 AM - edited ‎12-11-2023 05:35 AM

Hi @Allen Andreas 

 

Why we will go for before query BR, we will go to display query BR right

 

 

0 Helpfuls