Incident Access Control
11-11-2024 07:22 PM
Could you share some use cases for adding ACLs or query BRs on the Incident table?
I'd like to know the purpose and what fields are used for the control.
11-11-2024 07:37 PM - edited 11-11-2024 07:38 PM
ACL:
Only allow members of certain groups to view or update incidents assigned to their group.
Hide sensitive incidents from most users, such as security-related incidents.
Prevent changes to incidents that are in a Resolved or Closed state, except by users with specific roles.
Ex:
!(current.state == 6 || current.state == 7) || gs.hasRole('incident_manager');
Limit visibility of the caller's personal details (e.g., email or phone number) for privacy reasons.
Query BR:
Limit users to see only incidents assigned to their own groups.
Allow self-service users to only view incidents they reported.
Allow the "Security Team" to only see incidents with the category "Security."
These are just examples of where each suits; sometimes you might find yourself in a situation where you have to decide what fits and is best for the future of your requirement.
One example I have seen recently: displaying just active users was implemented in a query BR, and this was working fine everywhere, including the portal form, but it caused them not to display when creating an HR case for inactive users. These are points that need to be kept in mind while deciding.
Hope this will help you.
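The write ACL expression from the reply above and its "own groups" query BR use case, as an added example that is not part of the thread. It runs in Node against constructed stand-ins for `gs` and the queried record; the `myGroups` parameter and the helper names are assumptions for illustration.

```javascript
// Write ACL from the reply: Resolved (6) / Closed (7) incidents are
// read-only unless the user has the incident_manager role.
function canWriteIncident(current, gs) {
  return !(current.state == 6 || current.state == 7) || gs.hasRole('incident_manager');
}

// Before-query BR: restrict every incident query to the user's groups.
// `myGroups` is a hypothetical parameter; on an instance the list would
// come from the session user.
function restrictToMyGroups(current, gs, myGroups) {
  if (gs.hasRole('incident_manager')) return; // managers are not filtered
  current.addQuery('assignment_group', 'IN', myGroups.join(','));
}

// --- constructed stubs and sample rows (not ServiceNow code) ---
function makeGs(roles) {
  return { hasRole: role => roles.includes(role) };
}
function makeQuery() {
  const conds = [];
  return {
    addQuery(field, op, value) { conds.push({ field, op, value }); },
    run(rows) {
      return rows.filter(row => conds.every(c =>
        c.op === 'IN' ? c.value.split(',').includes(row[c.field])
                      : row[c.field] == c.value));
    }
  };
}
const INCIDENTS = [
  { number: 'INC001', state: 2, assignment_group: 'network' },
  { number: 'INC002', state: 7, assignment_group: 'network' },
  { number: 'INC003', state: 2, assignment_group: 'security' },
];

// The query BR decides which rows come back; the ACL decides, per row,
// whether the same user may write to it.
function visibleIncidents(roles, myGroups) {
  const gs = makeGs(roles);
  const query = makeQuery();
  restrictToMyGroups(query, gs, myGroups);
  return query.run(INCIDENTS).map(row => (
    { number: row.number, canWrite: canWriteIncident(row, gs) }));
}

console.log(visibleIncidents(['itil'], ['network']));
console.log(visibleIncidents(['incident_manager'], []));
```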
11-11-2024 07:54 PM
Hi @Koji Yanase ,
An ACL is meant for controlling access, as below.
1. If you want to provide CRUD access, then you have to write an ACL; a BR won't help you.
2. If you want to make an entire field or a few fields read-only, then you have to create a column-level right ACL.
Whereas a BR is built for CRUD operations on the database, for example:
1. If you want to pull some data from a table with a condition, then you can write a before query business rule, but it will only work if you have read access by ACL.
2. Similarly, if you want to update before and after data insert and update, then you can make use of a BR to do that; the condition applies that you should pass the ACL.
Please accept the solution if it helped.