Restrict Incident Visibility to Assigned Group

zachbarr · ‎07-09-2018

Hi all,

I need some help. I want to restrict who can edit an Incident based off the Assigned Group.

If the user belongs to the Assigned Group, they are able to edit the Incident, if they do not belong to the group, they can view the ticket in a read only field (ALL FIELDS should be read only)

What I have tried so far:

Created an ACL (screenshot below) -- This makes most fields read only as expected except for State, Impact, Urgency, SD, Description, Caller_ID, Resolution Code, Resolution Notes
I tried to create a UI policy using the same condition and if the Assigned Group is one of my groups the UI policy action would make those additional fields NOT read-only.

Neither option seems to get me 100% where I want to be. Anyone have any suggestions?

Harish KM · ‎07-09-2018

you need 2 ACL.

write ACL check the grp and allow them to edit

Read ACL to make all fields read only

Regards
Harish

Shweta KHAJAPUR · ‎07-09-2018

Hi,

Please write the below code in script of write ACL.

if(gs.getUser().isMemberOf(current.assignment_group)){
answer=true;
}

Also refer below screenshot,

zachbarr · ‎07-09-2018

I tried both suggestions and they got me to the same spot I was at. Even with writing those two acl's there are many fields that are still editable.

see below.

Shweta KHAJAPUR · ‎07-09-2018

Hi,

There are so many OOB field level write ACL exists, which might be giving access to write. ACL evaluate from most specific to generic. First field level ACL will execute then row and table level. Please inactive all field level ACL and the check with the above condition.