How to limit access to specific records using ACL

06-25-2019 04:28 AM
We have a business requirement to restrict access to specific incident records depending on the incident tagging and specific group types. For example, we need to limit access to all financial tickets (u_financial = true) to members of groups with group type "financial" and limit all supply chain tickets (u_scm = true) to members of groups with group type "scm".
So far, the only way we see of implementing this is via a business rule called incident query. Any ideas on how we can implement this using an ACL? Our issue is that there is an OOTB ACL that allows any user with the itil role to access any incident record. Should we deactivate this? Interested to know the best way to properly set up ACL + incident query for this kind of record restriction requirement.
- Labels: Incident Management

06-25-2019 05:12 AM
We tried adding another read ACL with condition and role at table level but it didn't override the existing ACL that allows all access to those with itil role.
06-25-2019 05:21 AM
Please make sure that the ITIL ACL has the condition u_financial IS FALSE.
This way ITIL is only able to read incidents with financial set to false.
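
The ACL behaviour discussed in this thread, as an added example that is not part of any post above: a simplified plain-JavaScript model (not ServiceNow API code) of why an extra read ACL does not restrict access while an unconditioned itil rule remains, and how conditioning that rule changes the outcome. It assumes that passing any one matching read rule grants access; the rule names, users and records are constructed, and the itil condition is extended to u_scm beyond what the reply states.

```javascript
// Simplified model of read-ACL matching for the incident table.
// Assumption: among rules for the same table and operation, passing any ONE
// rule grants access; within a rule, role AND condition must both pass.
// Rule names, users and records below are constructed for illustration.

function ruleAllows(rule, user, record) {
  const roleOk = rule.roles.length === 0 || rule.roles.some(r => user.roles.includes(r));
  return roleOk && rule.condition(record, user);
}

function canRead(rules, user, record) {
  return rules.some(rule => ruleAllows(rule, user, record));
}

// Group-type restricted rules for the two ticket categories in the question.
const financialRule = {
  name: 'incident.read.financial', roles: ['itil'],
  condition: (rec, user) => rec.u_financial && user.groupTypes.includes('financial'),
};
const scmRule = {
  name: 'incident.read.scm', roles: ['itil'],
  condition: (rec, user) => rec.u_scm && user.groupTypes.includes('scm'),
};

// OOTB-style rule: any itil user, no condition.
const itilOpen = { name: 'incident.read.itil', roles: ['itil'], condition: () => true };
// The same rule with the condition suggested in the reply (plus u_scm).
const itilConditioned = {
  name: 'incident.read.itil', roles: ['itil'],
  condition: rec => !rec.u_financial && !rec.u_scm,
};

const before = [itilOpen, financialRule, scmRule];
const after = [itilConditioned, financialRule, scmRule];

const plainItil = { roles: ['itil'], groupTypes: [] };
const financeUser = { roles: ['itil'], groupTypes: ['financial'] };
const financialTicket = { u_financial: true, u_scm: false };
const scmTicket = { u_financial: false, u_scm: true };
const ordinaryTicket = { u_financial: false, u_scm: false };

console.log('before, plain itil reads financial:', canRead(before, plainItil, financialTicket));
console.log('after,  plain itil reads financial:', canRead(after, plainItil, financialTicket));
console.log('after,  finance user reads financial:', canRead(after, financeUser, financialTicket));
console.log('after,  finance user reads scm:', canRead(after, financeUser, scmTicket));
console.log('after,  plain itil reads ordinary:', canRead(after, plainItil, ordinaryTicket));
```

In this model a ticket tagged both u_financial and u_scm is readable by members of either group type, since either restricted rule can grant access.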