Restrict Incident Visibility to Assigned Group

zachbarr
Mega Contributor

‎07-09-2018 05:47 PM

Hi all,

I need some help. I want to restrict who can edit an Incident based off the Assigned Group.

If the user belongs to the Assigned Group, they are able to edit the Incident, if they do not belong to the group, they can view the ticket in a read only field (ALL FIELDS should be read only)

What I have tried so far:

  • Created an ACL (screenshot below) -- This makes most fields read only as expected except for State, Impact, Urgency, SD, Description, Caller_ID, Resolution Code, Resolution Notes
  • I tried to create a UI policy using the same condition and if the Assigned Group is one of my groups the UI policy action would make those additional fields NOT read-only. 

Neither option seems to get me 100% where I want to be. Anyone have any suggestions? 

  • find_real_file.png
Preview file
101 KB
Preview file
101 KB
0 Helpfuls
  • 5,642 Views
8 REPLIES 8

Harish KM
Kilo Patron
Kilo Patron

‎07-09-2018 10:22 PM

There are other ACLS on incident table which allows write permission . Can u debug the ACL and see which one is overriding

Regards
Harish
0 Helpfuls

Stevie2
Kilo Contributor
In response to Harish KM

‎04-21-2021 02:20 AM

Good Morning you Clever people!

Just bee looking at this Post, is there a quick and easy way to take this a little further. So the members of and assigment group can only see and edit items assigened to the assigment Group. Therefore, viewing all tickets within the group, INC, RFC REQ, but they will NOT to be able to view anything else, ALL Incidents, Requests etc across the group? 

Harsh Patel
Tera Contributor
In response to Stevie2

‎02-01-2023 02:30 AM

if your issue was resolved can you link me the solution.

0 Helpfuls

DarkWingII
Tera Contributor

‎03-15-2023 07:21 AM

Steps to Perform

  1. Create a Before -Query Business rule on 'Incident' table
  2. In the Advanced tab, set the condition as:
!gs.getUser().isMemberOf('<group name to be restricted for other users>')
  1. In the script field, update sys_id of the group to be restricted

 

 

(function executeRule(current, previous /*null when async*/ ) {
var grp = current.addNullQuery('assignment_group').addOrCondition('assignment_group','!=','<sys_id of the group to be restricted for other users>');
})(current, previous);

 

 

This Before-Query Business rules restrict the incidents assigned to the specific group visible only to those group members

0 Helpfuls