ACL for Demand

win b
Mega Guru

Hi There,

Can someone help me as im currently building from my instance in which this is some of the scenarios im working on.

On the User table i created a field which type is a List and reference to sys_user table where in i can select multiple users and name it as Assigners. And on the table Demand i also created a field which name it as assignees which also reference to sys_user table.

Now the fun part im doing is im validating the assigners field and assignees fields.

Here is an example:

As a current user (Mel) i have my users listed on my Assigners field which is (Zoe, Jake, Ron) and on my Demand table im validating it on my Assignees field which is (Zoe, Mel, Fin). Now the logic applies

On the demand table as Mel if my assigners are Zoe, Jake, and Ron i want to see on my demand table are the following request:

- Created by myself with assignees (Mel, Fin, Jan) and Assigners are (Zoe, Jake, Ron)
- Created by Zoe with assignees (Zoe, Fin, Zan) and Assigners are (Mel, Zan, Zoe)
- Created  by myself but no assignees  and no assigners
- Created by myself with no Assigners and  and no Assignees

So if Jake not included me in his assigners he can see my requests only he can see it if
- im one of his assigners
- im one of the assignees along with his

The blank assignees with a user blank assigners can see the request as long as the user is the  one who created the request, so if the user is not the one who created the request and assignee is blank he cannot see the request.

Example

- Win created the request with blank assigners and blank assignees only the request created by Win he can see
- Fin created a request and check on the demand table for Win created request but cannot see since theres no assignees and assigners indicated on the request of Win.

1 ACCEPTED SOLUTION

win b
Mega Guru

anyway i already fix this one on my end. 

I created a acl script that may validate on following fields from different table that i need and make it to have a filterations.

View solution in original post

3 REPLIES 3

phil_bool_unifi
Tera Guru

Hi Win b - thanks for posting. 
I'd suggest you look again at your plan for achieving this requirement.  It sounds like you're trying to control who can see or update a Demand by naming individuals in a field. 

Firstly, I'd ask why you're limiting this functionality.  If you have Demand Managers who are responsible for processing demands after submission, it would be best if they could all support each other.  This is the 'Out of the Box' configuration. 

Secondly, if you do need to restrict updates, or even visibility of the record, a far better approach than naming individuals would be to use user groups.  You can have different users in each group, and use a permanent value, like a department, business unit or location to determine which user group should have 'edit' access to the record using a standard Access Control List.

If you really need additional confidentiality, I recommend installing the Advanced Project Security plugin on a PDI so you can see how that works to restrict permissions on the Project record.  If you wanted, you could follow a similar strategy to extend that functionality into the Demand record, but proceed with caution - the kind of customisation you're talking about has the potential to cause issues with user experience (for example, you'll need to also come up with a Query Business Rule to remove the records from the list view, otherwise users will see '20 rows removed due to security constraints' when seeing lists of records they cannot view).   The 'Out of the Box' solution is likely to give you the most value, and leave you able to adopt new functionality as and when it arrives.

Hu @phil_bool_unifi . 

 

Yes im building something which im currently using the ACLs but the thing is OOB Demand must not be touched. So i created a new View, Module on Demand with customize field along with Business Unit. But what i want is if there are others also who already done like configuration like that  from there and and want to know how did they do it since on my end im currently struggling on the additional restriction aside from the Built-in Security since it still may lack on something and want to try new things.

win b
Mega Guru

anyway i already fix this one on my end. 

I created a acl script that may validate on following fields from different table that i need and make it to have a filterations.