How to restrict RITM records to be visible only to specific assigned group and its members via ACL

Mayur21
Kilo Contributor

I have a requirement where I need to restrict RITM records to be hidden from other group members and only visible to the specific assigned group and its members.

I have written a table.none ACL with the below code and condition:


It's not working as expected and users are still able to view other groups' RITM requests.

Please help me on this.

1 ACCEPTED SOLUTION

sashichand
Mega Expert

Hi,

You can try the following way:

1> Create a custom role and assign it to this assignment group.

2> Now search for all the Request Read ACLs. You may have several, and for the basic read ACLs for Requests that allow all ITIL (any other specific role) etc. to read the Requests, here you should add a condition that assignment IS NOT 'xyz'.

3> Now in the new Read ACL, you should put assignment IS 'xyz' and then add the role to the role section of the ACL.

4> This way all the other Requests will still be read by ITIL (any other specific role), except the one assigned to this 'xyz' team.

5> Now the team 'xyz' has their own ACL with a role that allows them to read it.

 

Please mark reply as Helpful/Correct, if applicable. Thanks!

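Why steps 2 and 3 are both needed, as an added example that is not part of the original answer and is not ServiceNow code: a small JavaScript model, assuming a record is readable when any one read ACL passes (role and condition together). The role name `xyz_reader`, the users and the records are constructed for illustration.

```javascript
// Constructed model of read-ACL evaluation; not ServiceNow code.
// Assumption: an ACL passes only when its role check AND its condition pass,
// and a record is readable when ANY read ACL on the table passes.
const XYZ = 'xyz';             // placeholder group name from the answer
const XYZ_ROLE = 'xyz_reader'; // hypothetical custom role (step 1)

function aclPasses(acl, user, rec) {
  const roleOk = acl.roles.length === 0 ||
    acl.roles.some((r) => user.roles.includes(r));
  return roleOk && acl.condition(rec, user);
}

function canRead(acls, user, rec) {
  return acls.some((acl) => aclPasses(acl, user, rec));
}

// Step 3: the team's own ACL, role plus "assignment IS xyz".
const xyzAcl = { roles: [XYZ_ROLE], condition: (rec) => rec.assignment_group === XYZ };

// Before: the broad itil ACL has no condition, so it still grants everything.
const before = [{ roles: ['itil'], condition: () => true }, xyzAcl];

// After step 2: the broad ACL carries "assignment IS NOT xyz".
const after = [
  { roles: ['itil'], condition: (rec) => rec.assignment_group !== XYZ },
  xyzAcl,
];

// An "opened by is the logged-in user" ACL, as mentioned in a reply below.
const openedByAcl = { roles: [], condition: (rec, user) => rec.opened_by === user.id };

// Constructed users and records.
const alice = { id: 'alice', roles: ['itil', XYZ_ROLE] };
const bob = { id: 'bob', roles: ['itil'] };
const carol = { id: 'carol', roles: [] };
const ritmXyz = { assignment_group: XYZ, opened_by: 'carol' };
const ritmNet = { assignment_group: 'network', opened_by: 'carol' };

// Rows: which of [ritmXyz, ritmNet] each user can read under an ACL set.
function matrix(acls) {
  return [alice, bob, carol].map((u) =>
    `${u.id}: ${[ritmXyz, ritmNet].map((r) => canRead(acls, u, r)).join(',')}`);
}

console.log('before', matrix(before));
console.log('after ', matrix(after));
console.log('after + opened-by', matrix([...after, openedByAcl]));
```

The last row shows that any other permissive read ACL, such as an opened-by rule, still grants access, so every read ACL on the table has to be reviewed.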

6 REPLIES

Swapnil Shirsik
Giga Guru

I would check if there is an existing ACL which is allowing users to read these records.

answer = !gs.getUser().isMemberOf('sys_id') && gs.getUser().hasRole('role');

Ashutosh Munot1
Kilo Patron

Hi,

There are other ACLs, like opened by or created by is the logged-in user, etc.

This ACL which you created is on the REQ table; do you want to hide REQ or RITM?


Thanks,
Ashutosh

Jaspal Singh
Mega Patron

By this you will get the 'Security constraint...' message. Prefer a Query business rule over this.

For the above, you can remove the quotes ('') from true/false. In addition, try passing the Group Name in isMemberOf('group_name') instead of sys_id.
