How to restrict update access for ITIL users if they are not part of the Assignment group on the rec

Nagashree5
Tera Contributor

Hi All,

 

We have ITIL users who can update any incident/request/change. 

We are looking for ways to restrict this in such a way that if the ITIL user is part of the assignment group, then only the user will have access to update the record, if not the user can only read the record.

 

My approach - I'm thinking to create a write ACL on task table where i can check if the user part of assignment group and have ITIL role then only the user can update the record.

 

Has anyone implemented this approach of restricting ITIL users? Please share your thoughts or approach that you have followed to achieve this.

 

Thanks in Advance.

2 REPLIES 2

anvesh_v
Giga Guru

Yes we can use write ACL as per the requirement .  we have implemented for some of the specific groups but not at the instance level 

you can update the conditions assignment group is one of my groups and provide ITIL role to the specific ACL 

Please let me know if you have any specific questions 

Shambhu K B
Giga Guru

Hi @Nagashree5 

Here is what you should probably do.

1. Write 3 write ACL  ( inc,req,change table) reason for 3 ACL is, if you write it on task, it will be applied to all tables which extends task. Which is the not your use case.

In the ACL condition, here is what you should check

If current logged in user is member of assignment group - gs.getUser.isMemberof(current.assignment_group)

 

Please hit correct/helpful if you this answers your question.

Regards,

Shambhu