Write ACL Script based off of field values

JennieD1 · ‎08-08-2023

Hi! I have a requirement to create a Write ACL based off of the value in 3 different fields. I have included an image with the fields in which the access must be granted. For example, Abel Tuter should be able to write on this form since he is the Disclosure Owner Name. I wrote a script, but it is not working when I impersonate him.

JennieD1 · ‎08-09-2023

I figured it out! I was trying to add the script to a write ACL that contained a role these users didn't have! So I created another write ACL with the following script and it worked!!

var answer = false;

if(current.u_disclosure_owner_name == gs.getUserID() || current.opened_by == gs.getUserID() || current.additional_assignee_list.indexOf(gs.getUserID()) >= 0){
	answer = true;
}

The reason it wasn't working is because theses users did not have this role, and per my requirements, I was not to give them this role.

View solution in original post

Tony Chatfield1 · ‎08-08-2023

Hi, unfortunately your post contains no clear details of your actual issue and screenshots do not allow anyone to evaluate your code.
What exactly does 'it is not working when I impersonate him' mean?

If this new ACL is disabled and you impersonate the user, do they have access to the records?
If yes then you have other ACL's that need to be reviewed\updated to exclude your user(s)

Regarding your code

additional_assignee_list looks to be a list collector and not a reference field?

which will mean that the content is a comma separated list of sys_id's and the easiest way to validate it for a specific record would be to stringy the value and use indexOf to evaluate. I would also recommend that you first instantiate answer as false, and then update to true based on your data validations. Something like
Note: edited as error in script

var answer = false;
if(current.someField1 == someValue || current.someField2 == someValue || current.someList.toString().indexOf(someValue) != -1) {
answer = true;
}

JennieD1 · ‎08-09-2023

My apologies for not being clear. It was a long day. My client wants the users in these fields to have the ability to write in the form. I have tried breaking it down into smaller pieces to see if I can get at least one field to work. I have started by only referencing the U_disclosure_owner_name field to see if I can get this to work.

var answer = false;
var user = gs.getUserID;

if(current.u_disclosure_owner_name == current.user) {
	answer = true;
}

I then impersonate Abel Tutor and open a record where he is the disclosure owner name. If my logic is correct with the above code, since he is the user in the field u_disclosure_owner_name , he should be able to write on the form, but when I impersonate him and choose the correct record, he is unable to write on the form.

Ankur Bawiskar · ‎08-09-2023

@JennieD1

your script is wrong since the field is a list field and not reference one

update as this

var answer = false;
if(current.u_disclosure_owner_name == gs.getUserID()) {
	answer = true;
}

If my response helped please mark it correct and close the thread so that it benefits future readers.

Regards,
Ankur
✨ Certified Technical Architect || ✨ 9x ServiceNow MVP || ✨ ServiceNow Community Leader

JennieD1 · ‎08-09-2023

I figured it out! I was trying to add the script to a write ACL that contained a role these users didn't have! So I created another write ACL with the following script and it worked!!

var answer = false;

if(current.u_disclosure_owner_name == gs.getUserID() || current.opened_by == gs.getUserID() || current.additional_assignee_list.indexOf(gs.getUserID()) >= 0){
	answer = true;
}

The reason it wasn't working is because theses users did not have this role, and per my requirements, I was not to give them this role.