How to allow ITIL users to add delegates only to their own profile, not others.

sssnow · ‎03-23-2017

I want to give ITIL users access to add delegate only to their own profile. Is there a trick to compare logged in user and the profile (s)he is going to update. So if both user ids are not matching, we can restrict this operation.

sssnow · ‎03-23-2017

I added ITIL role to the ACL

Alikutty A · ‎03-23-2017

Hi,

Can you please revert the changes on create ACL (it should not have any roles or condition). I just checked the oob ACL's and we already have a write ACL on sys_user_delegate.user

When I create a new delegate as itil user, the user field is not editable to me. Are you testing as admin user? Is this how it looks for you

Sorry for the confusion!

Thanks

Please Hit like, Helpful or Correct depending on the impact of the response

sssnow · ‎03-24-2017

Thanks for your research. After reverting the ACL back, it is making the user field read only. But if an ITIL user searches for another profile, he/she can add delegate which we are trying to restrict.

Alikutty A · ‎03-24-2017

Ok, Can you trying creating a new write ACL as shown

javascript:gs.getUserID()

Thanks

Please Hit like, Helpful or Correct depending on the impact of the response

Jochen Geist · ‎03-24-2017

ACLs are not re-evaluated during run time. This mean that if you change the content of a field, the ACL still remains in its original state (when the form was loaded).

You might want to look into reference qualifiers for this:

Simple demo: Set the reference qualifier to advance and enter this: javascript:'sys_id=' + gs.getUserID();

For more advanced logic (e.g. involving roles) create a script include and call that from the reference qualifier:

https://www.servicenowguru.com/scripting/script-includes-scripting/advanced-reference-qualifier-scri...