- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-03-2016 01:12 PM
Within our offboarding workflow there is a task related to a specific account type. I would like to restrict who can close this specifc task (by role or group membership)
Task short description always follows same pattern: date+XYZ account offboarding for+user i.e. 2015-11-25 XYZ account offboarding for Bouland, Andrew
There are two teams who need to participate in this task. The task auto-assigns to the first team who is supposed to do some work and then they are supposed to assign to the second team (XYZadmins) who will verify the first team did their job then will complete the work and mark the task closed.
I would like to create a restriction that will only allow members of the 2nd team to be able to mark the task closed_skipped, closed_incomplete, closed_complete
I have currently created an ACL that prohibits the first team from being able to change the state of the task AT ALL when task short description contains "XYZ account offboarding" but I'm curious if there isn't a way to do this in the workflow (haven't worked with approval or rollback activity yet) or with a business rule that would allow them to change state to anything other than one of our "closed" choices.
My current attempt via a Business Rule is as follows but doesn't seem to be working as intended:
Table: sc_task
Before Update/insert
Condition: current.state.changesTo(3) || current.state.changesTo(4) || current.state.changesTo(7)
script:
function userHasRole(userID, role) {
var uhrRec = new GlideRecord('sys_user_has_role');
uhrRec.addQuery('user', userID);
uhrRec.addQuery('role.name', role);
uhrRec.query();
return uhrRec.hasNext();
}
var shortdesc = current.short_description ;
if ((shortdesc.indexOf('XYZ account offboarding for') != -1))
{
var closedBy = current.closed_by;
if (!userHasRole(closedBy, 'GFRadmin'))
{
current.state.setError('Only ESops can close this task - please re-assign.');
current.setAbortAction(true);
}
}
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-03-2016 01:28 PM
Hi Andrew,
Two suggestions I can make:
1) this sounds more like a job for a client script (onChange, onSubmit) than for ACLs and Business Rules.
2) I'm not a fan of making an important distinction (i.e., the type of Task) by matching text in the subject... This could too easily get changed and break your code. I would suggest giving this type of task an exclusive category all to itself, and key off that.
Thanks,
-Brian
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-03-2016 01:17 PM
Andrew,
You can have the business rule something like:
var shortdesc = current.short_description ;
if ((shortdesc.indexOf('XYZ account offboarding for') != -1))
{
var uhrRec = new GlideRecord('sys_user_has_role');
uhrRec.addQuery('user', gs.getUserID());
uhrRec.addQuery('role.name', '<<role_name>>');
uhrRec.query();
if(!uhrRec.next())
{
current.state.setError('Only ESops can close this task - please re-assign.');
current.state = previous.state;
current.setAbortAction(true);
}
}
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-03-2016 01:19 PM
Try below code.
Table: sc_task
Before Update/insert
Condition: current.state.changesTo(3) || current.state.changesTo(4) || current.state.changesTo(7)
script:
if ((shortdesc.indexOf('XYZ account offboarding for') != -1) && !(gs.getUserID().isMemberOf('abc_group')))
{
var closedBy = current.closed_by;
current.state.setError('Only ESops can close this task - please re-assign.');
current.setAbortAction(true);
}
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-03-2016 01:28 PM
Hi Andrew,
Two suggestions I can make:
1) this sounds more like a job for a client script (onChange, onSubmit) than for ACLs and Business Rules.
2) I'm not a fan of making an important distinction (i.e., the type of Task) by matching text in the subject... This could too easily get changed and break your code. I would suggest giving this type of task an exclusive category all to itself, and key off that.
Thanks,
-Brian
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-04-2016 06:44 AM
Believe I like Brian's suggestions for now. I don't want to lock the field down completely, only want to prevent it from being closed by anyone who is not a member of a specific team. Modeling off of the OOB (BP) Hide Choice - Closed client script I'm managing to accomplish close to what I want. Just need to think it through a little further and I think I'll have it.
Currently I've got an onLoad script on the Catalog Task Table:
// Hide "Closed" states from everyone but XYZadmin
function onLoad() {
//if user is member of right group then do nothing
if (g_user.hasRole('XYZadmin'))
return;
//created a new sc_task field: tag to flag these by something other than short description
//if task is not of the proper type then do nothing
if (g_form.getValue('u_tag') != 'xyzoffboard')
return;
if (g_form.getValue('state') != '7' && g_form.getValue('state') != '4' && g_form.getValue('state') != '3')
g_form.removeOption('state', 7);
g_form.removeOption('state', 3);
g_form.removeOption('state', 4);
}
