Two table.* acl on same table is possible?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎01-14-2025 10:41 AM
I need to give edit access to users on alm_hardware table based on which groups are they part of. Let's say i need to give edit access of all the fields to two different users from two different groups, and based on a field value of alm_hardware. How can I achieve this?

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎01-14-2025 12:01 PM
Yes, you can have 2 different ACLs if you want. As long as a user matches one of the ACLs, they will be granted access.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎01-14-2025 09:28 PM
and the 2 acls can be different only in a particular field? i mean i am differentiating the two acls based on a field only. will that work fine?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎01-14-2025 09:45 PM
to give edit access on the alm_hardware table based on group membership and a field value,
Create an ACL for the alm_hardware Table and set the condition
In the ACL script, check for user roles or group membership:
var group1 = gs.getUser().isMemberOf('group_one');
var group2 = gs.getUser().isMemberOf('group_two');
var conditionMatch = (current.field_name == 'desired_value');
answer = (group1 || group2) && conditionMatch;
save and This ensures edit access is granted only when users belong to the specified groups and the field condition is met.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎01-14-2025 09:57 PM
Yes, you can achieve this using Access Control Rules (ACLs).
To grant edit access based on group membership and a field value, create ACLs for the alm_hardware table. Use a record ACL to control table-level access and field ACLs for specific fields. In the ACL scripts, check if the user is part of the desired group using a GlideRecord query on the sys_user_grmember table, and also validate the field value (e.g., current.status == 'In Progress'). Combine both conditions in the script, and set the ACL to grant or deny access accordingly.