Restrict IT Users to a Specific Custom View on User Form

RajeshS45028713
Tera Contributor

8 hours ago

 

I want IT users to create and manage users with limited fields on the sys_user form.

Setup so far:

  • Custom form view: user_view_for_it

  • Role: limited_user_creator

  • Assigned role to IT users

  • View Rule to force this view for users with the role:

 

 
(function() { return gs.hasRole('limited_user_creator'); })();

  • Table: sys_user

  • Active: Yes

Problem:

  • IT users can still see the View dropdown and switch to the default view.

  • Giving them user_admin allows creating users but also enables switching views/editing the form.

  • Removing user_admin hides the Users module from the navigator.

Goal:

  • Load only user_view_for_it for IT users

  • Allow creating/editing users with only allowed fields

  • Prevent switching views or modifying form layout

  • IT users can still see the Users module

Has anyone implemented this? How can I restrict view switching while allowing user creation?

Thanks!

0 Helpfuls
  • 37 Views
1 REPLY 1

ChallaR
Kilo Guru

4 hours ago

Hi @RajeshS45028713 ,

 

Please find step by step process below -

Step-by-Step Solution

1-Custom View Rule

(function() { return gs.hasRole('limited_user_creator'); })();

 

This is correct and ensures the user_view_for_it is loaded for users with that role.

 

2. Prevent View Switching

To hide the View dropdown, you need to use a UI Policy or Client Script that runs only for users with the limited_user_creator role.

 

Client script -

// Type: onLoad
// Table: sys_user
// Applies to: All views

function onLoad() {
    if (g_user.hasRole('limited_user_creator')) {
        var viewDropdown = document.querySelector('[data-type="view"]');
        if (viewDropdown) {
            viewDropdown.style.display = 'none';
        }
    }
}

 

You may need to adjust the selector depending on your UI version (UI16 or Next Experience). For Next Experience, use now-ui APIs or DOM inspection.

 

3. Allow User Creation Without user_admin

The user_admin role gives too much access. Instead:

  • Create a custom ACL on the sys_user table and fields you want IT users to edit.
  • Grant write access only to the fields shown in user_view_for_it.
  • Use the limited_user_creator role in the ACL condition.

ACL-

Role: limited_user_creator
Operation: write

4. Show Users Module Without user_admin

To make the Users module visible in the Application Navigator:

  • Create a custom module under a custom application or under User Administration.
  • Set the module to open the sys_user.list view.
  • In the module settings:
    • Role required: limited_user_creator
    • Link type: List of records
    • Table: sys_user
  • Please try and let know if this helps please mark this as complete and close the thread .

Thanks,

Rithika.ch

0 Helpfuls