ACL not working with condition builder

Go to solution
jamhoe
Tera Expert

‎05-02-2017 11:08 PM

Hi All,

I am creating an ACL to restrict a user with a custom role to access and update Incident records.

I have tried to create a Read ACL rule with the following configurations:

find_real_file.png

find_real_file.png

However, if i tried to impersonate a user with a 'bu_itil' role, those 3 records does not display on the incident list.

I have also tried to script the condition but it is not evaluated when I checked it on the debug logs.

Maybe you guys can help me out on this . TIA.

Preview file
23 KB
Preview file
28 KB
0 Helpfuls
  • 3,559 Views
1 ACCEPTED SOLUTION

Go to solution
jamhoe
Tera Expert
In response to amlanpal

‎05-03-2017 03:58 AM

Hi Amlan,



I used the code you have provided, however it did not provide me the right results.



But, I tried to tweak the code based on what you have provided and it does the trick.



find_real_file.png



find_real_file.png



Thanks for the help.



Regards,


JM


View solution in original post

Preview file
37 KB
Preview file
33 KB
0 Helpfuls
21 REPLIES 21

Go to solution
jamhoe
Tera Expert
In response to amlanpal

‎05-03-2017 01:39 AM

Hi Amlan,



I have already edited the BR according to what you have provided.



You may check the screenshots below for reference of the result.



It is odd that when I accessed the ALL module of incident,it only displays records that has been created by the account.



In order for me to display the required records, I need to filter it first.


0 Helpfuls

Go to solution
amlanpal
Kilo Sage
In response to jamhoe

‎05-03-2017 01:45 AM

Hi Joe,



There is a type error in your script where you have used "if ((!gs.hasRole("itil") || gs.hasRole("bu_itil")) && gs.isInteractive())". Whereas you need to use the below line (type error is highlighted in Bold😞


if (!(gs.hasRole("itil") || gs.hasRole("bu_itil")) && gs.isInteractive())



As you have mentioned Incident All module displays only those records which were created by that account. And this is because of the typo error in the If Loop. Request you to modify that and give it a try.



I hope this helps. Please mark correct/helpful based on impact



0 Helpfuls

Go to solution
jamhoe
Tera Expert
In response to amlanpal

‎05-03-2017 01:49 AM

Hi Amlan,



I have already change it:


find_real_file.png



the screenshot below is the result.


Preview file
26 KB
0 Helpfuls

Go to solution
amlanpal
Kilo Sage
In response to jamhoe

‎05-03-2017 02:22 AM

Hi Joe,



Can you please add 'bu_itil' role in the OOB ACL with the Description "itil role required to read incident records" and test again? By default only itil role is added there.



I hope this helps. Please mark correct/helpful based on impact


0 Helpfuls

Go to solution
jamhoe
Tera Expert
In response to amlanpal

‎05-03-2017 02:29 AM

Hi Amlan,



I did what you told me and all incident records   were displayed.


0 Helpfuls