How to allow ITIL users to add delegates only to their own profile, not others.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎03-23-2017 10:04 AM
I want to give ITIL users access to add delegate only to their own profile. Is there a trick to compare logged in user and the profile (s)he is going to update. So if both user ids are not matching, we can restrict this operation.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎03-23-2017 11:52 AM
I added ITIL role to the ACL
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎03-23-2017 12:07 PM
Hi,
Can you please revert the changes on create ACL (it should not have any roles or condition). I just checked the oob ACL's and we already have a write ACL on sys_user_delegate.user
When I create a new delegate as itil user, the user field is not editable to me. Are you testing as admin user? Is this how it looks for you
Sorry for the confusion!
Thanks
Please Hit like, Helpful or Correct depending on the impact of the response
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎03-24-2017 08:04 AM
Thanks for your research. After reverting the ACL back, it is making the user field read only. But if an ITIL user searches for another profile, he/she can add delegate which we are trying to restrict.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎03-24-2017 08:24 AM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎03-24-2017 08:37 AM
ACLs are not re-evaluated during run time. This mean that if you change the content of a field, the ACL still remains in its original state (when the form was loaded).
You might want to look into reference qualifiers for this:
Simple demo: Set the reference qualifier to advance and enter this: javascript:'sys_id=' + gs.getUserID();
For more advanced logic (e.g. involving roles) create a script include and call that from the reference qualifier: