Requested Item "Delete" button available for all users?

Go to solution
shane_holland
Mega Contributor

‎05-28-2014 01:22 PM

I noticed on the ESS view of the Requested Items for any user there is an "Update" and "Delete" button available. For regular users, all the fields have an ACL applied that makes them non-editable so they can't really update anything. However, the "Delete" button works just fine. The regular user can go in and delete the Requested Item record. This appears to be out-of-the-box functionality. Is this so? I cannot imagine why you'd want that button available to your regular users. Furthermore, is there a way to remove this button? I cannot seem to find where these are being loaded from.

0 Helpfuls
  • 3,501 Views
1 ACCEPTED SOLUTION

Go to solution
solutioningnow
Giga Guru

‎05-28-2014 01:42 PM

Hi,



There is one OOB ACL which allow end users to delete there Requested Item. You need to update that ACL if you want to remove Delete button for ESS Users.



Please answer as correct/helpful, if it was really helpful



Logo.png


Enhance Knowledge NOW@ www.solutioningnow.com


http://www.solutioningnow.com/


View solution in original post

Preview file
12 KB
0 Helpfuls
4 REPLIES 4

Go to solution
solutioningnow
Giga Guru

‎05-28-2014 01:42 PM

Hi,



There is one OOB ACL which allow end users to delete there Requested Item. You need to update that ACL if you want to remove Delete button for ESS Users.



Please answer as correct/helpful, if it was really helpful



Logo.png


Enhance Knowledge NOW@ www.solutioningnow.com


http://www.solutioningnow.com/


Preview file
12 KB
0 Helpfuls

Go to solution
shane_holland
Mega Contributor
In response to solutioningnow

‎05-29-2014 06:48 AM

I found the OOB ACL controlling the "Delete" button. Works great, thank you!


0 Helpfuls

Go to solution
sdtimb
Giga Expert

‎05-28-2014 10:15 PM

I have two ACLs that restrict the 'Delete' function to Admins on the Request Task and Catalog Task.



Right click on the form header: Personalize --> Security Rules. Click Add to add the two ACLs below. Make sure to scroll to the bottom of the page, under the Requires Roles related list add "Admin." This should remove the buttons from the form for users without the Admin role.



Note: I'm not sure if there is an OOB ACL that would override these rules (thus needing to be updated), but it doesn't hurt to try. Let me know how it goes.



ACLDeleteTSK.jpg


ACLDeleteSC.jpg


Preview file
18 KB
Preview file
20 KB
0 Helpfuls

Go to solution
NeilH2
Giga Guru

‎05-29-2014 01:08 AM

I generally set a UI action like delete so only admins can use it.


try adding:


        gs.getuser().hasrole('iitl') to the condition of the UI action


0 Helpfuls