How to restrict update access for ITIL users if they are not part of the Assignment group on the rec
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-25-2024 02:06 AM
Hi All,
We have ITIL users who can update any incident/request/change.
We are looking for ways to restrict this in such a way that if the ITIL user is part of the assignment group, then only the user will have access to update the record, if not the user can only read the record.
My approach - I'm thinking to create a write ACL on task table where i can check if the user part of assignment group and have ITIL role then only the user can update the record.
Has anyone implemented this approach of restricting ITIL users? Please share your thoughts or approach that you have followed to achieve this.
Thanks in Advance.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-25-2024 05:08 AM
Yes we can use write ACL as per the requirement . we have implemented for some of the specific groups but not at the instance level
you can update the conditions assignment group is one of my groups and provide ITIL role to the specific ACL
Please let me know if you have any specific questions
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-25-2024 05:45 AM
Hi @Nagashree5
Here is what you should probably do.
1. Write 3 write ACL ( inc,req,change table) reason for 3 ACL is, if you write it on task, it will be applied to all tables which extends task. Which is the not your use case.
In the ACL condition, here is what you should check
If current logged in user is member of assignment group - gs.getUser.isMemberof(current.assignment_group)
Please hit correct/helpful if you this answers your question.
Regards,
Shambhu