ACL condition to check user must have 2 specific roles
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-20-2022 05:18 PM
Hello,
I have a requirement to restrict wrtiting on sys_user fields when the current logged in user does not have BOTH user_admin and admin role.
I have unchecked the "Admin override" and I am using this condition
if (gs.hasRoleExactly("admin") && (gs.hasRoleExactly("user_admin") but it is not working.
Is there something that I have missed?
Appreciate all the help.

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-20-2022 05:46 PM
Hi there,
Try updating your advanced ACL script as below:
answer = gs.hasRoleExactly('admin') && gs.hasRoleExactly('user_admin') ? true : false;
If this answer is helpful please mark correct and helpful!
Regards,
Christopher Perry
Regards,
Chris Perry
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-20-2022 06:05 PM
Hello, unfortunately this is not working. Even when I only have the admin role, I'm still able to edit the field.

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-21-2022 05:58 AM
It sounds like there may be conflicting ACLs on sys_user, where at least one of them has Admin overrides = true or some other condition that is letting you edit. Do you have other write ACLs on the sys_user table?
If this answer is helpful please mark correct and helpful!
Regards,
Christopher Perry
Regards,
Chris Perry