ACL for HR Case

Jon23
Mega Sage

We are currently implementing HR Service Management and have a requirement where an assignment group can restrict case access to their assignment group only.

I have achieved this by adding a new field on the form 'Restrict Case Access' and a new read ACL rule:

HR_ACL.PNG

Everything appears to work as expected; however, my question is: should I be using 'hr_Factory.getSecurityManager(current, gs).canRead()', as many of the other HR ACL rules appear to be doing? After reading the wiki I am confused about how to work with these custom wrappers.

Am I creating an issue for myself by not using the wrappers?

22 REPLIES

Still seeing the error after changing the code:

org.mozilla.javascript.EcmaError: "plt_hr_caseSecurityManager" is not defined.
    Caused by error in Script Include: 'hr_Factory' at line 53

        50:             switch (_gr.getTableName()) {
        51:                 case "hr_case":
        52: gs.log("JW-DEBUG: HR CASE");
==>   53:                         return plt_hr_caseSecurityManager.getSecurityManager(_gr, _gs);
        54:                 default:
        55: gs.log("JW-DEBUG: DEFAULT");
        56:                         return hr_BaseFactory.getSecurityManager(_gr, _gs);


Hi jwalton,



Can you please verify that the script include "plt_hr_caseSecurityManager" exists? If I am reading the error right, it is stating that the script include "plt_hr_caseSecurityManager" is not defined (the script file name and class are the same - usually a convention).



Probably, you have the script file name and class name defined correctly but can you double check?



Thanks,
JP


Thanks JP!



The error was being caused by having an upper case 'C' for the script include name and a lowercase 'c' for the classes.



plt_hr_CaseSecurityManager vs plt_hr_caseSecurityManager  



I'm still having issues with my ACL working correctly (restrict query!?) but at least there is no error in the log


Hi Walton,



This usually means that the restriction in your code is probably not what you want. Is the code being too restrictive or not too restrictive? Here is what you can do to diagnose the issue:



- Add log messages to indicate whether the user is permitted or not permitted to see the details.


- Turn on the "System Diagnostics" > "Debug Security".


- The logs at the bottom of the screen will indicate which function authorized the user to view the record.



Thanks,
JP
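
The logging step JP suggests, as an added example that is not code from this thread or from ServiceNow: a read decision that records why each user was permitted or denied, so a rule that is too restrictive shows up in the log. Plain objects stand in for `current` and the user; the field name `restrict_case_access`, the role name, and all function names are hypothetical, and delegating to the base rule after the membership check is an assumption about the intended behaviour.

```javascript
// Added example: plain objects stand in for the GlideRecord and the user.
// Field, role and helper names are hypothetical, not taken from the instance.

// Returns {allowed, reason} so every evaluation can be logged with its cause.
function evaluateCaseRead(record, user, baseCanRead) {
  // Unflagged cases follow the stock rule (the wrapper's canRead() in the thread).
  if (!record.restrict_case_access) {
    const ok = baseCanRead(record, user);
    return { allowed: ok, reason: ok ? 'base-allow' : 'base-deny' };
  }
  // Flagged case with no assignment group: deny and log a distinct reason.
  if (!record.assignment_group) {
    return { allowed: false, reason: 'restricted-no-group' };
  }
  if (!user.groups.includes(record.assignment_group)) {
    return { allowed: false, reason: 'restricted-not-member' };
  }
  // Assumption: membership narrows access, it does not replace the stock rule.
  const ok = baseCanRead(record, user);
  return { allowed: ok, reason: ok ? 'restricted-member-allow' : 'base-deny' };
}

// One line per decision; on an instance this string would be passed to gs.log().
function logLine(record, user, decision) {
  return 'HR-ACL ' + record.number + ' user=' + user.name +
    ' allowed=' + decision.allowed + ' reason=' + decision.reason;
}

// Constructed sample data.
const baseCanRead = (rec, usr) => usr.roles.includes('sample_hr_reader');
const users = [
  { name: 'alice', groups: ['HR Payroll'], roles: ['sample_hr_reader'] },
  { name: 'bob', groups: ['HR Benefits'], roles: ['sample_hr_reader'] },
];
const cases = [
  { number: 'HRC0001', restrict_case_access: true, assignment_group: 'HR Payroll' },
  { number: 'HRC0002', restrict_case_access: false, assignment_group: 'HR Payroll' },
  { number: 'HRC0003', restrict_case_access: true, assignment_group: '' },
];

function runSample() {
  const lines = [];
  for (const c of cases) {
    for (const u of users) lines.push(logLine(c, u, evaluateCaseRead(c, u, baseCanRead)));
  }
  return lines;
}

console.log(runSample().join('\n'));
```

A reason of `restricted-not-member` or `restricted-no-group` for a user who should have access points at the custom rule; `base-deny` points at the rules behind the wrapper.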


Did you get past the restrict query issue? I am having what appears to be a similar issue where it is being too restrictive and I am looking for some help.


Thanks!