How can we hide submitted requested items from certain users in the Service Portal?

SusanWinKY · ‎01-22-2018

We have a few catalog requests that contain private data. As such, we only want the "requested for", "opened by", and members of the approval group to be able to see the submitted requests (RITM).

We are able to hide the variables section on the RITM by either using a catalog client script or a business rule within the platform, but it doesn't work in the Service Portal. Ideally, we would be able to hide the RITM altogether (not just hide the variables section) from a user who should not be able to access it in both the platform and the Service Portal.

Has anyone solved this for both the platform and portal, and if so, how?

Susan Williams, Lexmark

Shane J · ‎01-22-2018

Sorry, I meant read ACL...

Anyway, here's what my read ACL looks like:

Script:

var answer = (gs.hasRole("itil") || current.request.opened_by == gs.getUserID() || current.request.requested_for == gs.getUserID() || current.request.requested_for.manager == gs.getUserID() || current.request.opened_by.manager == gs.getUserID() || current.watch_list.indexOf(gs.getUserID()) > -1);

View solution in original post

Shane J · ‎01-22-2018

You should be able to do this via write ACL on the RITM table. I can provide my mess of an ACL that locks it down if you want something to start with.

SusanWinKY · ‎01-22-2018

That would be fantastic. Thank you!

Susan Williams, Lexmark

Shane J · ‎01-22-2018

Sorry, I meant read ACL...

Anyway, here's what my read ACL looks like:

Script:

var answer = (gs.hasRole("itil") || current.request.opened_by == gs.getUserID() || current.request.requested_for == gs.getUserID() || current.request.requested_for.manager == gs.getUserID() || current.request.opened_by.manager == gs.getUserID() || current.watch_list.indexOf(gs.getUserID()) > -1);