ACL condition to check user must have 2 specific roles

Evren Yamin
Tera Contributor

Hello,

I have a requirement to restrict writing on sys_user fields when the current logged in user does not have BOTH the user_admin and admin roles.

I have unchecked the "Admin override" and I am using this condition

if (gs.hasRoleExactly("admin") && (gs.hasRoleExactly("user_admin") but it is not working.

Is there something that I have missed?

Appreciate all the help.

3 REPLIES

chrisperry
Giga Sage

Hi there,

Try updating your advanced ACL script as below:

answer = gs.hasRoleExactly('admin') && gs.hasRoleExactly('user_admin') ? true : false;

If this answer is helpful please mark correct and helpful!

Regards,

Christopher Perry


Hello, unfortunately this is not working. Even when I only have the admin role, I'm still able to edit the field.

It sounds like there may be conflicting ACLs on sys_user, where at least one of them has Admin overrides = true or some other condition that is letting you edit. Do you have other write ACLs on the sys_user table?

If this answer is helpful please mark correct and helpful!

Regards,

Christopher Perry
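
The conflict described in the reply above, as an added example that is not part of the original thread: a simplified JavaScript model (not ServiceNow's engine) of how several write ACLs on the same field combine. It assumes that access is granted when any one matching ACL passes and that an ACL with Admin overrides checked passes for any admin; the ACL names, the sample users and the `hasRoleExactly` stand-in are hypothetical, and the ACL's role list and condition fields are left out.

```javascript
// Simplified model of write-ACL evaluation for one field (e.g. a sys_user field).
// Assumption: this is not ServiceNow code; all names below are hypothetical.

// Stand-in for gs.hasRoleExactly(): true only if the role is explicitly held.
function hasRoleExactly(user, role) {
  return user.roles.includes(role);
}

// One ACL passes when its admin override applies, or when its script returns true.
function aclPasses(acl, user) {
  if (acl.adminOverrides && hasRoleExactly(user, 'admin')) return true;
  return acl.script(user) === true;
}

// Access is granted if ANY matching ACL passes, so return the names of the
// ACLs that let this user through. An empty list means write is denied.
function grantingAcls(acls, user) {
  return acls.filter((acl) => aclPasses(acl, user)).map((acl) => acl.name);
}

// The rule from the thread: override unchecked, script requires both roles.
const bothRolesAcl = {
  name: 'write: both roles required',
  adminOverrides: false,
  script: (u) => hasRoleExactly(u, 'admin') && hasRoleExactly(u, 'user_admin'),
};

// A second, constructed write ACL on the same field with the override still checked.
const leftoverAcl = {
  name: 'write: older rule, admin override on',
  adminOverrides: true,
  script: (u) => hasRoleExactly(u, 'user_admin'),
};

// Constructed sample users.
const adminOnly = { roles: ['admin'] };
const adminAndUserAdmin = { roles: ['admin', 'user_admin'] };

// With only the new rule, an admin-only user is denied.
console.log(grantingAcls([bothRolesAcl], adminOnly));
// With the leftover rule present, the same user gets in through the override.
console.log(grantingAcls([bothRolesAcl, leftoverAcl], adminOnly));
// A user holding both roles passes the intended rule.
console.log(grantingAcls([bothRolesAcl], adminAndUserAdmin));
```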
