Hi @gthapa ,

To allow a group with only the sn_si.external role (which currently lets them view only assigned Security Incident Tasks, SITs) to also view the parent Security Incident Request (SIR) records corresponding to those SITs assigned to the group, creating a custom ACL on the SIR (sn_si_incident) table is an effective solution.

Approach for ACL on Parent SIR Based on SIT Group Assignment

Create a record-level ACL on the sn_si_incident table that grants read access only if the current user’s group matches the assignment group of any associated child SIT.

Points to remember

• Efficiency: Make sure indexes exist on sn_si_task.parent and sn_si_task.assignment_group for performance.

• Test: Test thoroughly for edge cases with multiple SITs per SIR and groups.

• Security: Keep the ACL strict—deny access if no matching group SIT is found.

• User Roles: Make sure the users are assigned correct groups.

This ACL method provides group-level controlled access to parent Security Incident records based on child task group assignment without relying on user-level “Read Access” form configurations.

If it is helpful, please hit the thumbs button and accept the correct solution by referring to this solution in the future it will be helpful to them.

Thanks & Regards,

Mohammed Mustaq Shaik