ACL using canRead()

richardhofing · ‎05-30-2018

I have a requirement to base read access to one table based on the read access of another. I have a table called CI Contact, which is a table that contains contacts for a given CI (in this scenario it is the cmdb_ci_linux_server). It has a reference field to the CI (Linux record), and a reference field to a user. There is a CI Contact related list on the Linux table.

The Linux table can be read by those with the ITIL role. This is working perfectly. I want to specify that a record in the CI Contact table can be read by those with read access to its related Linux record. So I created an ACL on the CI contact table as shown below, but it is not working. My experience with ACL's is limited (but growing) and I am not sure what I am doing wrong.

I log in as an ITIL user and I can see the Linux record, but not the CI records (as shown below). The field u_configuration_item is the reference field in the CI Contact table pointing to a record in cmdb_ci_linux.

ACL:

Sean Boyer · ‎07-13-2018

Richard,

If ITIL users have read access to the cmdb_ci_linux_server table based on "The Linux table can be read by those with the ITIL role. This is working perfectly." and you want those same users to be able to read the data on the u_ci_contact table based on "I want to specify that a record in the CI Contact table can be read by those with read access to its related Linux record." is there a reason that the u_ci_contact table can't just have the role of ITIL? Since it is those same users who want access to both records.

Would that work, or am I misunderstanding?

Thanks,
Sean Boyer

User166992 · ‎07-14-2018

Hello,

You can try with below script:

var gr = new GlideRecord('cmdb_ci_linux_server');

gr.get(current.u_configuration_item);

answer = gr.isValidRecord() && gr.canRead();

Let me know if you have any queries.

Best Regards,

Jai