ACL for Change Request (sysapprover_approval)

Go to solution
rocktheboat
Giga Contributor

‎05-30-2017 06:26 PM

Hello,

I want to remove 'Delete' functionality for the Approvals for a change request, except for Admins.

Also, just want it specifically for change requests. I tried to go the ACL route, at the 'sysapproval_approver' table at 'delete' operation

with

answer = gs.hasRole('approval_admin');

but them I though it will also alter the Approval for other request types.

Any idea how to resolve it?

I was thinking just disable the 'Delete' buttons in the UI (highlighted in yellow)

find_real_file.png

But I am not sure the what exactly is it and how to disable it. If it is a UI Action/ Script??

And then finally disabling this button.

find_real_file.png

Preview file
42 KB
Preview file
131 KB
0 Helpfuls
  • 2,419 Views
1 ACCEPTED SOLUTION

Go to solution
rocktheboat
Giga Contributor
In response to Bryan Tay3

‎06-21-2017 02:49 PM

So this is what I ended up doing in the ACL for 'sysapproval_approver' , operation 'Delete'   in the script section.



The following code check if the request is a 'change_request' or not. If it is and the User who is trying to delete the Approval Request has to have an 'approval_admin' role to delete it. Alternatively, if the request type is anything other then 'change_request' it follows the usual serivenow approval deletion process.



Here is the ACL Code:



if (current.sysapproval.sys_class_name == 'change_request')


{


answer = gs.hasRole('approval_admin');


}


else


{


answer = gs.hasRole('approval_admin') || gs.hasRole('itil') || gs.hasRole('catalog') || isApprovalMine(current);


}


View solution in original post

0 Helpfuls
6 REPLIES 6

Go to solution
Bryan Tay3
Mega Guru

‎05-30-2017 08:47 PM

hi Som,



ACL below should help:



answer = (gs.hasRole('approval_admin') && current.sysapproval.sys_class_name != 'change_request');


Go to solution
rocktheboat
Giga Contributor
In response to Bryan Tay3

‎06-21-2017 02:49 PM

So this is what I ended up doing in the ACL for 'sysapproval_approver' , operation 'Delete'   in the script section.



The following code check if the request is a 'change_request' or not. If it is and the User who is trying to delete the Approval Request has to have an 'approval_admin' role to delete it. Alternatively, if the request type is anything other then 'change_request' it follows the usual serivenow approval deletion process.



Here is the ACL Code:



if (current.sysapproval.sys_class_name == 'change_request')


{


answer = gs.hasRole('approval_admin');


}


else


{


answer = gs.hasRole('approval_admin') || gs.hasRole('itil') || gs.hasRole('catalog') || isApprovalMine(current);


}


0 Helpfuls