New role to access only specific incidents and nothing else to be visible

Drithika20
Tera Contributor

Hi All,

I have created a new role 'external_printer_techs' and have given ACL for incident table for read, create and write.

I have updated the 'incident query' business rule also to allow access to the role users to see incidents.

I have created a new module to show incidents based on the user assignment group, but still, I am not able to see any incidents in this module, and I am not able to create a new incident either, even though I see the New button.

I have also used Access Analyzer to check what is wrong; it still shows that I have a query business rule issue. I have checked all other query business rules as well, and none of them restricts the incident table's view or write access.

Note: I don't have any domain separation security.

 

Please suggest what can be done, please see below screenshots of my changes:

Drithika20_0-1743806927426.png

Drithika20_1-1743806962842.png

 


Shivalika
Mega Sage

Hello @Drithika20 

 

Is there any existing query BR running on your instance? Also, have you added this role to the Incidents module? This way of putting conditions is really not recommended, but I need to understand the whole scenario before suggesting a feasible approach. And you shouldn't need to create new ACLs; you should just modify the existing ones by adding your new role.

 

Kindly mark my answer as helpful and accept the solution if it helped you in any way. This will help me be recognized for the efforts and also move this question from the unsolved to the solved bucket.

 

Regards,

 

Shivalika 

 

My LinkedIn - https://www.linkedin.com/in/shivalika-gupta-540346194

 

My youtube - https://youtube.com/playlist?list=PLsHuNzTdkE5Cn4PyS7HdV0Vg8JsfdgQlA&si=0WynLcOwNeEISQCY

Yes, I have added this to the module. Yes, there is one query BR which restricts access to incidents; I have handled it, but it is still showing me that there is a query BR which is blocking access to incidents.

Can you share the query BR, @Drithika20?

Rajesh_Bhise
Tera Guru

Hello @Drithika20,

 

The OOTB query BR "incident query" is restricting access for users who do not have the roles (itil, sn_incident_read).

You have updated your custom role in the same condition as below:

Rajesh_Bhise_0-1744173739800.png

Hence this query BR would also ignore the users who have the custom role external_printer_techs. The ACLs created and this BR might conflict with each other, and the result might be negative in your case.

I suggest having a BR script like the one below:

*********************************************************************************************************

restrictIncidents();

function restrictIncidents() {
    // Only restrict interactive users who lack the standard incident roles.
    if (!gs.hasRole("itil") && !gs.hasRole("sn_incident_read") && gs.isInteractive()) {

        // Custom role exception
        if (gs.hasRole('external_printer_techs'))
            return;

        // Do NOT restrict Incidents if user has the service_viewer role.
        if (gs.hasRole('service_viewer'))
            return;

        if (GlidePluginManager.isActive('sn_fsm_itsm_mng') && gs.hasRole('wm_ext_agent'))
            return;

        // STRY52118544: ham_user is added to support incident read for reporting on HAM store app
        if (GlidePluginManager.isActive('com.sn_hamp') && gs.hasRole('sn_hamp.ham_user')) {
            return;
        }

        // DEF0330091: Allow query on OT Incident with sn_ot_incident_read role
        if (GlidePluginManager.isActive('com.sn_ot_inc_mgmt') && gs.hasRole("sn_ot_incident_read"))
            return;

        // Responders should be able to access all incidents
        if (gs.hasRole("sn_sow_srm.srm_responder")) {
            return;
        }

        // Everyone else sees only incidents they called in, opened, or are watching.
        var u = gs.getUserID();
        current.addQuery("caller_id", u).addOrCondition("opened_by", u).addOrCondition("watch_list", "CONTAINS", u);
    }
}
*****************************************************************************************************
This would give you the expected output. Please give it a try and let me know if you still have concerns.

Please mark this reply as Helpful and correct. This gives confidence to answer queries like yours.
Happy to help you further.
 
Regards, 
Rajesh Bhise
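
Added example, not part of the thread and not ServiceNow's shipped rule: a stand-alone JavaScript model of the query business rule above, with `gs` and `current` replaced by stubs so the resulting filter can be checked per role outside an instance. It goes one step beyond the reply: instead of exempting `external_printer_techs` entirely, it limits that role to incidents assigned to the user's groups, which is an assumption about the intent stated in the question; `makeQueryStub`, `makeGs`, `effectiveFilter` and the user records passed to them are hypothetical.

```javascript
// Model of the "incident query" rule; gs and current are injected so stubs can stand
// in for the platform globals. Only the branches discussed in the thread are kept.
function restrictIncidents(gs, current) {
  if (gs.hasRole('itil') || gs.hasRole('sn_incident_read') || !gs.isInteractive())
    return; // the rule does not apply to these sessions
  var u = gs.getUserID();
  if (gs.hasRole('external_printer_techs')) {
    // Assumption: scope the custom role to the user's groups rather than exempting it.
    var groups = gs.getUser().getMyGroups(); // stubbed below as a plain array of sys_ids
    if (groups.length > 0) {
      current.addQuery('assignment_group', 'IN', groups.join(','));
      return;
    }
    // No groups: fall through to the default so the role never widens access.
  }
  current.addQuery('caller_id', u).addOrCondition('opened_by', u)
    .addOrCondition('watch_list', 'CONTAINS', u);
}

// Stub for `current`: records conditions instead of querying a database.
function makeQueryStub() {
  var conds = [];
  function cond(join, field, op, value) {
    if (value === undefined) { value = op; op = '='; }
    conds.push((join ? join + ' ' : '') + field + ' ' + op + ' ' + value);
    return { addOrCondition: function (f, o, v) { return cond('OR', f, o, v); } };
  }
  return {
    addQuery: function (f, o, v) { return cond(conds.length ? 'AND' : '', f, o, v); },
    toString: function () { return conds.join(' '); }
  };
}

// Stub for `gs`, built from a constructed user record {id, roles, groups}.
function makeGs(user) {
  return {
    hasRole: function (r) { return user.roles.indexOf(r) !== -1; },
    isInteractive: function () { return true; },
    getUserID: function () { return user.id; },
    getUser: function () { return { getMyGroups: function () { return user.groups; } }; }
  };
}

// Returns the filter this rule would add for the given user.
function effectiveFilter(user) {
  var current = makeQueryStub();
  restrictIncidents(makeGs(user), current);
  return current.toString() || '(no restriction from this rule)';
}
```

On an instance, `gs.hasRole()` also returns true for admin users, which the stub does not model.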