I want to write a script in ACL

Pooja Khatri
Tera Contributor

Hello All,

 

I have a requirement where there is a pre-existing "Write" ACL on the change request table for the "close code" field.

 

I want to write a script which will allow only the "requested by", "assigned to" and the change manager role users to edit the close code field. Even for the admin users that field should be read-only; only when the admin user is the requested by or assigned to should they be able to edit it.

 

How can I implement this functionality?

4 REPLIES

briannice
Kilo Sage

Hello @Pooja Khatri 

 

You can use the following script in your ACL by checking the 'Advanced' checkbox:

answer = false;

var userId = gs.getUserID();

if (
	current.getValue("assigned_to") == userId ||
	current.getValue("requested_by") == userId ||
	gs.hasRole("change_manager")
) {
	answer = true;
}

 

Also make sure that you add the appropriate roles to the ACL so that all users (requested by, assigned to) are covered. You could use 'snc_internal' for example, but be careful with this, because this gives access to all users if you do not define the script correctly.

 

If you don't want admins to override the ACL, you can uncheck the 'Admin overrides' checkbox.

 

Let me know if this works.

 

Kind regards,

Brian

I think you should use the hasRoleExactly() method to make sure admins also can't edit the close code field.

gs.hasRoleExactly("change_manager");

 

Community Alums
Not applicable

Hi,

You can achieve this requirement by using the following code in the ACL script:

type = record
operation = write
admin override = false (unchecked)
advanced = true (checked)
Name > change request.close_code
required role = (itil/snc_internal) roles already assigned to both (requester or assigned to).
 
Condition script:
 
if (current.requested_by == gs.getUserID() || current.assigned_to == gs.getUserID() || gs.hasRole('change_manager'))
    answer = true;
else
    answer = false;
 
Please mark this as the accepted solution and helpful.
Thanks and regards

Sid_Takali
Kilo Patron

Hi @Pooja Khatri, try this:

var user = gs.getUser();
var userId = user.getID();
var hasChangeManagerRole = user.hasRole('change_manager');
var isRequestedBy = (current.requested_by == userId);
var isAssignedTo = (current.assigned_to == userId);
var isAdmin = user.hasRole('admin');
if (hasChangeManagerRole || isRequestedBy || isAssignedTo) {
    answer = true;
} else if (isAdmin) {
    answer = isRequestedBy || isAssignedTo;
} else {
    answer = false;
}
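
The difference between the two role checks discussed in this thread, as an added example that is not from any of the posters: a Node.js harness that runs the posted ACL logic against a mock `gs`. The mock, the sample users and the sys_ids are constructed, and the mock assumes `hasRole()` also returns true for admin users while `hasRoleExactly()` does not.

```javascript
// Mock of the server-side calls used in the thread (hypothetical stand-in).
// Assumption: hasRole() is also true for any user holding "admin";
// hasRoleExactly() is true only when the named role itself is assigned.
function makeGs(user) {
  return {
    getUserID: () => user.sys_id,
    hasRole: (role) => user.roles.includes(role) || user.roles.includes("admin"),
    hasRoleExactly: (role) => user.roles.includes(role),
  };
}

// The ACL script body from the thread; roleCheck selects which call is used.
function evaluateAcl(gs, current, roleCheck) {
  let answer = false;
  const userId = gs.getUserID();
  if (
    current.assigned_to == userId ||
    current.requested_by == userId ||
    gs[roleCheck]("change_manager")
  ) {
    answer = true;
  }
  return answer;
}

// Constructed sample data: sys_ids, names and roles are made up.
const change = { requested_by: "u_req", assigned_to: "u_asg" };
const adminOwnedChange = { requested_by: "u_adm", assigned_to: "u_asg" };
const users = [
  { name: "requester", sys_id: "u_req", roles: ["itil"] },
  { name: "assignee", sys_id: "u_asg", roles: ["itil"] },
  { name: "change manager", sys_id: "u_cm", roles: ["itil", "change_manager"] },
  { name: "admin", sys_id: "u_adm", roles: ["admin"] },
  { name: "other itil user", sys_id: "u_oth", roles: ["itil"] },
];

// Write decision per user for one record, under both role checks.
function decisionTable(current) {
  return users.map((u) => ({
    user: u.name,
    hasRole: evaluateAcl(makeGs(u), current, "hasRole"),
    hasRoleExactly: evaluateAcl(makeGs(u), current, "hasRoleExactly"),
  }));
}

console.table(decisionTable(change));
console.table(decisionTable(adminOwnedChange));
```

Under these assumptions the two variants disagree only for the admin who is not on the change; with the exact check the admin gets write access only on the record where they are the requester.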