Delegates - How to allow certain roles to create new delegate records for all users

pennieturner
Mega Guru

At present, you can only add a delegate to your own user record (unless you are admin)

I want to allow a group of people IE Service Desk to be able to create and write to a users delegate record.

So I created a new ACL for sys_user_delegate Create Record and allowed the servicedeskmanager role access to it, but I still get an error -

Invalid update

Cannot assign or modify other users' Delegates

I updated the other rules for sys_user_delegate table so that the servicedeskmanager role can read and write to the table, and they can see it, but when they press submit the error appears.

Any ideas how I can do this so that the servicedeskmanager role can update delegates for other users?

Thank you

6 REPLIES 6

Thank you



Are you able to tell me how you achieve this? Which ACLS you added as this is still something we need to do



Thank you in advance


Brendan Hallida
Kilo Guru

I know that this is pretty old, however, I have pieced together what to do to get this done and it works well in our environment.



Hopefully, this helps someone in the future.



  1. Create Group Delegate Admin
  2. Create role delegate_admin
  3. Edit the write ACL sys_user_delegate.user to allow delegate_admin role write access.   Edit the script with the below
    1. (gs.hasRole("approval_admin") || gs.hasRole("delegate_admin"));
  4. Create Read ACL for sys_user_delegate.   Set delegate_admin role.
  5. Create Write ACL for sys_user_delegate.   Set delegate_admin role.
  6. Set the Business Rule 'Delegates' to inactive.
  7. Create new business rule 'New Delegates'.   Edit the condition on the business rule with current.user != gs.getUserID() && !gs.hasRole('admin,delegate_admin')
  8. Add the delegate_admin role to the Module 'Delegates' so the delegate admins can see the Delegates menu module.
  9. Create Notification for Admins
  10. Create Notification for user and delegate


The notification will send an email to the admin group, to ensure that nothing nefarious is going down.   We do not expect the delegate function to happen often, outside of the Service Desk.   A second notification will send an email to the delegate and the user.   this is useful for when users delegate their assignments to others when going on leave, to ensure they actually know they are having responsibilities delegated to them.