ACL for HR Case

Jon23
Mega Sage

We are currently implementing HR Service Management and have a requirement where an assignment group can restrict case access to their assignment group only.

I have achieved this by adding a new field on the form 'Restrict Case Access' and a new read ACL rule:

HR_ACL.PNG

Everything appears to work as expected, however, my question is, should I be using 'hr_Factory.getSecurityManager(current, gs).canRead()' as many of the other HR ACL rules appear to be using - after reading the wiki I am confused on how to work with these custom wrappers.

Am i creating issue for myself by not using the wrappers?

22 REPLIES 22

hbahl_vpt
Giga Contributor

I would suggest just included the factory condition will all condition you will write in Script block using AND operator. and make sure the groups have required HR table read role.



Regards


Harsh Bahl


Hi Harsh,



Could you provide an example of how this would look.



Thanks.


hbahl_vpt
Giga Contributor

Hi Walton ,



For Example:



In hr_case   read ACL



The script condition is as follows:


answer = checkUserGroup();




function checkUserGroup() {


  var group = returnCurrentUserGroup();


  if ( hr_Factory.getSecurityManager(current, gs).canRead() && (group.indexOf("HR Recruiter")>=0 ) && (current.category == 'offboarding')   ){


  return true;


  }



  else if ( hr_Factory.getSecurityManager(current, gs).canRead()) {


  return true;


  }


  else {


  return false;


  }


}



Here "&& (group.indexOf("HR Recruiter")>=0 ) && (current.category == 'offboarding')" is condition that I wanted to keep. Along with this I added factory condition. This will make sure that access as per factory conditions are also give and that actually make sense. For Example factory condition gives access to case record to a person who opened it.



Does this makes sense to you?



Regards


Harsh Bahl