How business rule 'hasAccessToDocument' affects approval records

Go to solution
menghui
Tera Expert

‎12-14-2023 11:41 PM

Hello everyone,

 

When we upgraded to the Vancouver version, the approvers can see records that don't belong to them.

I found an ACL in sysapproval_approver table. And I think it's the hasAccessToDocument in the acl that's causing the problem.

 

Does anyone know how hasAccessToDocument works?
If we just want approvers to see their own records, can we disable hasAccessToDocument and Does disable hasAccessToDocument have an impact on other features?


Best regards,
Liu

Preview file
92 KB
Preview file
80 KB
0 Helpfuls
  • 721 Views
1 ACCEPTED SOLUTION

Go to solution
Marcos Kassak
Kilo Sage
Kilo Sage
In response to menghui

‎12-19-2023 01:58 PM

Hi @menghui,

 

That's basically it!

 

If the document is found (gr.get(id) is true), it then checks if the current user has read, write, or create permissions on this document (gr.canRead() || gr.canWrite() || gr.canCreate()).

 

Then they can proceed with the approval.

 

If you found my answer helpful or correct in any way, please don't forget to mark it to help future readers! 👍

 

--

 

Kind regards,


Marcos Kassak
Solution Consultant  🎯

View solution in original post

3 REPLIES 3

Go to solution
Marcos Kassak
Kilo Sage
Kilo Sage

‎12-16-2023 08:21 AM

Hi @menghui,

 

This function is present in a Business Rule on the global table, it checks if the user can read the document that is being approved.

 

MarcosKassak_0-1702743768021.jpeg

 

https://www.servicenow.com/community/developer-forum/can-anyone-tell-me-about-hasaccesstodocument-cu...

 

If you found my answer helpful or correct in any way, please don't forget to mark it to help future readers! 👍

 

--

 

Kind regards,


Marcos Kassak
Solution Consultant  🎯

 

0 Helpfuls

Go to solution
menghui
Tera Expert
In response to Marcos Kassak

‎12-17-2023 04:39 PM

Hi @Marcos Kassak 

Thanks for your reply.

 

if (gr.get(id) && (gr.canRead() || gr.canWrite() || gr.canCreate()))​

Actually, I don't understand this code.

Does that mean that if approver can see documents that are approving, then he can see that approval records?

 


Best regards,
Liu

0 Helpfuls

Go to solution
Marcos Kassak
Kilo Sage
Kilo Sage
In response to menghui

‎12-19-2023 01:58 PM

Hi @menghui,

 

That's basically it!

 

If the document is found (gr.get(id) is true), it then checks if the current user has read, write, or create permissions on this document (gr.canRead() || gr.canWrite() || gr.canCreate()).

 

Then they can proceed with the approval.

 

If you found my answer helpful or correct in any way, please don't forget to mark it to help future readers! 👍

 

--

 

Kind regards,


Marcos Kassak
Solution Consultant  🎯